Question 146 of 160 from exam CS0-002: CompTIA CySA+

Question

The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues.

The steering committee wants to rank the risks based on past incidents to improve the security program for next year.

Below is the incident register for the organization:

| Date | Department impacted | Incident | Impact |
|---|---|---|---|
| January 12 | IT | SIEM log review was not performed in the month of January | Known malicious IPs not blacklisted; no known company impact; policy violation; internal audit finding |
| March 16 | HR | Termination of employee; did not remove access within 48-hour window | No known impact; policy violation; internal audit finding |
| April | Engineering | Change control ticket not found | No known impact; policy violation; internal audit finding |
| July 31 | Company-wide | Service outage | Backups failed; unable to restore for three days; policy violation |
| September 8 | IT | Quarterly scans showed unpatched critical vulnerabilities (more than 90 days old) | No known impact; policy violation; internal audit finding |
| November 24 | Company-wide | Ransomware attack | Backups failed; unable to restore for five days; policy violation |
| December 26 | IT | Lost laptop at airport | Cost of laptop $1,250 |

Which of the following should the organization consider investing in FIRST due to the potential impact of availability?

Answers

Explanations

A. B. C. D.

C.