CompTIA Security Plus Mock Test Q262

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

A. Procedure and policy management
B. Chain of custody management
C. Change management
D. Incident management


Correct Answer: D
Section: Compliance and Operational Security

Explanation:
incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The events that could occur include security breaches.

Incorrect Answers:
A: Procedure and Policy management is in essence methods that need to be followed to ensure business continuity.
B: When working with incident then chain of custody management , i.e. how evidence is secured, where it is stored and who has access to it, is observed, but this is but a step in
incident management.
C: Change management refers to the structured approach that is followed to secure a company’s assets.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 10, 448