Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

1. A. Compromise of critical assets via third-party resources
2. B. Unavailability of services provided by a supplier
3. C. Loss of customers due to unavailability of products
4. D. Unreliable delivery of hardware and software resources by a supplier

Correct Answer: C

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

1. A. Lack of encryption for backup data in transit
2. B. Undefined or undocumented backup retention policies
3. C. Ineffective alert configurations for backup operations
4. D. Unavailable or corrupt data backups

Correct Answer: D
According to the Certified Information Security Manager (CISM) Study Guide, the greatest challenge to the recovery of critical systems and data following a ransomware incident is the availability and integrity of backups. If the backups are unavailable or corrupt, it becomes much more difficult, if not impossible, to recover the systems and data. This highlights the importance of regularly testing and verifying the backup and recovery process to ensure that the backups are available and can be used in the event of an incident. Additionally, it is important to ensure that backups are stored securely and off-line to prevent them from being encrypted or deleted by an attacker.

An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager's BEST course of action?

1. A. Enforce the policy.
2. B. Modify the policy.
3. C. Present the risk to senior management.
4. D. Create an exception for the deviation.

Correct Answer: C

The PRIMARY advantage of involving end users in continuity planning is that they:

1. A. have a better understanding of specific business needs.
2. B. are more objective than information security management.
3. C. can see the overall impact to the business.
4. D. can balance the technical and business risks.

Correct Answer: A

When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?

1. A. Business impact analysis (BIA) results
2. B. Key performance indicators (KPIs)
3. C. Recovery procedures
4. D. Systems inventory

Correct Answer: A
A BIA is an important part of Disaster Recovery Planning (DRP). It helps identify the impact of a disruption on the organization, including the critical systems and processes that must be recovered in order to minimize that impact. The BIA results are used to prioritize system restoration and determine the resources needed to get the organization back into operation as quickly as possible.