The correct answer is D. At intervals indicated by industry best practice.
An incident response plan should be reviewed regularly to ensure that it is up-to-date and effective. While recovery time objectives (RTOs) and missing information can be important considerations for reviewing the plan, they are not the most important criteria for determining when to review it. Instead, industry best practices recommend that incident response plans should be reviewed and updated on a regular basis, such as annually or bi-annually, to ensure that they remain relevant and effective in response to the evolving threat landscape. Therefore, option D is the most appropriate choice.
B. When missing information impacts recovery from an incident
This is most important because it creates an unknown that must be verified. When there is missing information that impacts recovery from an incident, it makes it very important to review the incident response plan to ensure that everything will work accordingly to achieve the desired goals and objectives.
An incident response plan must be accurate, complete, and actionable during a real incident. If missing or outdated information (like contact details, escalation paths, or procedures) impairs the organization's ability to respond or recover, then the plan is not effective — and must be reviewed and updated immediately.
I still think the answer is A when the RTO is not met by your IRP.
Although the RTO is based on recovery, this recovery happens after an incident. It's the Incident Response Plan that dictates how recovery efforts will be done. If the recovery efforts don't satisfy the RTO, it means the Restoration phase in the Incident Response Plan would need to be reviewed. Hence, I think it's A.
All answers suck and are incomplete in their own way. However, A and B are related to DR not IRP. So the closest to correct answer would be D. We can use industry best practice for this.
Industry best practices are out the window when you have missing information that prevents recovery. Good choices are A and B, but RTO delay is not as critical as missing information.
I'll have to find the answers to the questions with multiple responses. I don't like that there are many divided responses. I wish wrong answers could be banned.
A is correct. No one's going to wait for an annual review as suggested by some stuffy guy who writes standards and has no clue what's going on in the real world. If a company is missing their RTOs, you think they will just wait until the yearly review comes around to check their plan? No way.
Any good ops org is measuring this daily in aggregate, and at an incident-by-incident level. If patterns arise showing consistently lacking RTOs, you better believe they're gonna be reviewing things weekly at a minimum. If not, it's going to be someone's ass.
Community vote distribution
A (35%)
C (25%)
B (20%)
Other