Topic: SY0-601 topic 1 question 90

Which of the following is the BEST action to foster a consistent and auditable incident response process?

A. Incent new hires to constantly update the document with external knowledge.
B. Publish the document in a central repository that is easily accessible to the organization.
C. Restrict eligibility to comment on the process to subject matter experts of each IT silo.
D. Rotate CIRT members to foster a shared responsibility model in the organization.

Re: SY0-601 topic 1 question 90

I think it is B, because there are 2 requirements: "Consistent & Auditable".
D will foster a consistent IR process, but not auditable.
B will ensure consistency in understanding of the IR process & the document is auditable.

Re: SY0-601 topic 1 question 90

The best action to foster a consistent and auditable incident response process is to publish the document in a central repository that is easily accessible to the organization. This will ensure that all members of the organization have access to the latest version of the document and can refer to it easily in the event of an incident. It will also enable the organization to track changes to the document over time, helping to ensure that the incident response process remains up to date and effective.

Re: SY0-601 topic 1 question 90

Correct!

Re: SY0-601 topic 1 question 90

B - Publish a document
Per https://www.comptia.org/blog/security-awareness-training-incident-response-plans - (Your incident response plan should detail the immediate actions required of employees.)

This blog also references NIST guidelines https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf - (Incident response plan, policy, and procedure creation is an important part of establishing a team, so that incident response is performed effectively, efficiently, and consistently, and so that the team is empowered to do what needs to be done.)

D is good after the fact and for a company with many analysts, but that's not always the case and it does nothing for an audit. An effective response to an incident includes all employees and what needs to be done in different instances.

Re: SY0-601 topic 1 question 90

B. Publish the document in a central repository that is easily accessible to the organization.

Re: SY0-601 topic 1 question 90

Rotating members of the CIRT ensures consistency by ensuring that there is no one group that has full control of the incident response process. Separating the duties of incident response prevents single points of failure. It ensures auditability by making sure that no one group of staff has full control of the process and a member's participation in the CIRT can be checked by other personnel.
"Another important consideration is availability. Incident response will typically require 24/7 availability, which will be expensive to provide. It is also worth considering that members of the CIRT should be rotated periodically to preclude the possibility of infiltration."

Re: SY0-601 topic 1 question 90

By publishing the incident response document in a central repository that is easily accessible to the organization, all stakeholders, including team members, management, and relevant personnel, can have access to the latest version of the document. This ensures that everyone is on the same page and follows a consistent incident response process. Having a centralized repository also facilitates version control, making it easier to audit and track changes to the document over time.

Option D, rotating CIRT members to foster a shared responsibility model, can be a good practice to promote knowledge sharing and avoid overreliance on specific individuals. However, it might not directly address the need for a consistent and auditable incident response process.

Re: SY0-601 topic 1 question 90

Publishing the incident response document in a central repository that is easily accessible to the organization ensures that all relevant stakeholders have access to the latest version of the document. This promotes consistency in the incident response process as everyone is working from the same set of guidelines and procedures.

Re: SY0-601 topic 1 question 90

D. We have a centralized repository and thinking that'll create consistency? Don't make me laugh! No, create a team (smallish) and make them do it to tightly-defined parameters.

Re: SY0-601 topic 1 question 90

The BEST action to foster a consistent and auditable incident response process is to publish the document in a central repository that is easily accessible to the organization. By making the document easily accessible, all employees can access the document and understand the incident response process, ensuring consistency in the incident response process. Additionally, having a central repository makes it easier to audit the incident response process to ensure compliance with policies and regulations.

Re: SY0-601 topic 1 question 90

B. Publish the document in a central repository that is easily accessible to the organization is the BEST action to foster a consistent and auditable incident response process.

Re: SY0-601 topic 1 question 90

B. Publish the document in a central repository that is easily accessible to the organization would be the BEST action to foster a consistent and auditable incident response process. By publishing the document in a central repository that is easily accessible to the organization, all members of the organization will have access to the incident response process and will be able to refer to it as needed. This will help ensure that the process is consistent and that all incidents are handled in the same way. Additionally, by making the process easily accessible, it will be easier to audit and ensure that it is being followed properly.

Re: SY0-601 topic 1 question 90

I work as a CIRT and the document is a must-have so that your company's future CIRTs will process any future incidents the same as we are doing today. Consistency is the key + you can audit your new resources using the document.

Re: SY0-601 topic 1 question 90

It's clearly stated in the materials provided that the answer is D.

Re: SY0-601 topic 1 question 90

Maybe quote the materials you're looking at and/or provide a reference.

Re: SY0-601 topic 1 question 90

B. The only way to foster a consistent response is to publish the SOP where everyone can view the procedures. Now that doesn't mean that everyone will follow the procedures competently. It is the BEST answer of the choices given.

Re: SY0-601 topic 1 question 90

ChatGPT says it's B

Re: SY0-601 topic 1 question 90

Knowledge base or documentation for a consistent and auditable incident response process.

Re: SY0-601 topic 1 question 90

According to ChatGPT:

B. Publish the document in a central repository that is easily accessible to the organization.

Making the incident response process document easily accessible to the entire organization is the best way to foster a consistent and auditable incident response process. This ensures that everyone in the organization is aware of the process and is able to refer to it when needed. It also allows for easy updates and revisions to be made as needed, and for the document to be readily available for audits.

Option A is not the best option as it could lead to a lack of consistency and understanding of the incident response process among new hires.
Option C is not the best option as it could lead to siloed knowledge and inefficiency in incident response.
Option D is not the best option as it does not ensure that everyone in the organization is aware of the incident response process and could lead to lack of consistency.