Exam ISO-IEC-27035-Lead-Incident-Manager Topic 1 Question 55 Discussion
Actual exam question for PECB's ISO-IEC-27035-Lead-Incident-Manager exam
Question #: 55
Topic #: 1
Question #: 55
Topic #: 1
Scenario 7: Located in central London, Konzolo has become a standout innovator in the cryptocurrency field.
By introducing its unique cryptocurrency, Konzolo has contributed to the variety of digital currencies and prioritized enhancing the security and reliability of its offerings.
Konzolo aimed to enhance its systems but faced challenges in monitoring the security of its own and third- party systems. These issues became especially evident during an incident that caused several hours of server downtime This downtime was primarily caused by a third-party service provider that failed to uphold strong security measures, allowing unauthorized access.
In response to this critical situation, Konzolo strengthened its information security infrastructure. The company initiated a comprehensive vulnerability scan of its cryptographic wallet software, a cornerstone of its digital currency offerings The scan revealed a critical vulnerability due to the software using outdated encryption algorithms that are susceptible to decryption by modern methods that posed a significant risk of asset exposure Noah, the IT manager, played a central role in this discovery With careful attention to detail, he documented the vulnerability and communicated the findings to the incident response team and management.
Acknowledging the need for expertise in navigating the complexities of information security incident management. Konzolo welcomed Paulina to the team. After addressing the vulnerability and updating the cryptographic algorithms, they recognized the importance of conducting a thorough investigation to prevent future vulnerabilities. This marked the stage for Paulina s crucial involvement. She performed a detailed forensic analysis of the incident, employing automated and manual methods during the collection phase. Her analysis provided crucial insights into the security breach, enabling Konzolo to understand the depth of the vulnerability and the actions required to mitigate it.
Paulina also played a crucial role in the reporting phase, as her comprehensive approach extended beyond analysis. By defining clear and actionable steps for future prevention and response, she contributed significantly to developing a resilient information security incident management system based on ISO/IEC
27035-1 and 27035-2 guidelines. This strategic initiative marked a significant milestone in Konzolo's quest to strengthen its defenses against cyber threats Referring to scenario 7, Konzolo conducted a forensic analysis after all systems had been fully restored and normal operations resumed. Is this recommended?
By introducing its unique cryptocurrency, Konzolo has contributed to the variety of digital currencies and prioritized enhancing the security and reliability of its offerings.
Konzolo aimed to enhance its systems but faced challenges in monitoring the security of its own and third- party systems. These issues became especially evident during an incident that caused several hours of server downtime This downtime was primarily caused by a third-party service provider that failed to uphold strong security measures, allowing unauthorized access.
In response to this critical situation, Konzolo strengthened its information security infrastructure. The company initiated a comprehensive vulnerability scan of its cryptographic wallet software, a cornerstone of its digital currency offerings The scan revealed a critical vulnerability due to the software using outdated encryption algorithms that are susceptible to decryption by modern methods that posed a significant risk of asset exposure Noah, the IT manager, played a central role in this discovery With careful attention to detail, he documented the vulnerability and communicated the findings to the incident response team and management.
Acknowledging the need for expertise in navigating the complexities of information security incident management. Konzolo welcomed Paulina to the team. After addressing the vulnerability and updating the cryptographic algorithms, they recognized the importance of conducting a thorough investigation to prevent future vulnerabilities. This marked the stage for Paulina s crucial involvement. She performed a detailed forensic analysis of the incident, employing automated and manual methods during the collection phase. Her analysis provided crucial insights into the security breach, enabling Konzolo to understand the depth of the vulnerability and the actions required to mitigate it.
Paulina also played a crucial role in the reporting phase, as her comprehensive approach extended beyond analysis. By defining clear and actionable steps for future prevention and response, she contributed significantly to developing a resilient information security incident management system based on ISO/IEC
27035-1 and 27035-2 guidelines. This strategic initiative marked a significant milestone in Konzolo's quest to strengthen its defenses against cyber threats Referring to scenario 7, Konzolo conducted a forensic analysis after all systems had been fully restored and normal operations resumed. Is this recommended?
Suggested Answer: A Vote an answer
Comprehensive and Detailed Explanation From Exact Extract:
Forensic analysis is most effective when conducted during or immediately following the detection and containment phases-before recovery processes begin-so that critical evidence is preserved. ISO/IEC 27035-
2:2016, Clause 6.4.2 emphasizes the importance of conducting evidence collection early in the incident lifecycle to maintain integrity and avoid contamination.
Performing forensic analysis after systems are restored risks overwriting or losing crucial data such as logs, memory states, and malicious artifacts. Therefore, Paulina should have conducted the analysis concurrently with or directly after containment, not post-recovery.
Reference:
* ISO/IEC 27035-2:2016, Clause 6.4.2: "Evidence collection should begin as early as possible during incident detection and containment to preserve forensic integrity."
* ISO/IEC 27043:2015 (Digital Forensics), Clause 7.2.1: "Evidence should be collected prior to recovery to maintain chain of custody and ensure integrity." Correct answer: A
-
Forensic analysis is most effective when conducted during or immediately following the detection and containment phases-before recovery processes begin-so that critical evidence is preserved. ISO/IEC 27035-
2:2016, Clause 6.4.2 emphasizes the importance of conducting evidence collection early in the incident lifecycle to maintain integrity and avoid contamination.
Performing forensic analysis after systems are restored risks overwriting or losing crucial data such as logs, memory states, and malicious artifacts. Therefore, Paulina should have conducted the analysis concurrently with or directly after containment, not post-recovery.
Reference:
* ISO/IEC 27035-2:2016, Clause 6.4.2: "Evidence collection should begin as early as possible during incident detection and containment to preserve forensic integrity."
* ISO/IEC 27043:2015 (Digital Forensics), Clause 7.2.1: "Evidence should be collected prior to recovery to maintain chain of custody and ensure integrity." Correct answer: A
-
by Matt at Jan 21, 2026, 03:48 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).