Quite interesting. Thank you for such helpful technique. For the last question, I picked A initially but noticed that the question is asking what you should do RIGHT AFTER the incident occured. I would assume that, as an ISM, you should know the impact of the incident to fix the damage FIRST before doing any other things such as calculating the cost of incident or think about preserving the evidence. Would this be a correct rationale?
Nobody tell me that these aren't "trick" questions. Deceptive use of "occurance" in the last question. This doesn't reflect real life. If the questions wasn't trick question, it would safe something more close the real life which would be for example: A major security event has just taken place, what does the infosec manager have to do to determine the next course of action? the entire official ISACA manual is full of this type of convoluted language. And then they wonder why infosec pros talk funny and alienate normal people - because we freaking get tested on how well we know acronyms and how well can we decode the plain language statement behind the convoluted or even cryptic statements in these questions.
![[MONITORAPP] Application Insight Appliances AIWAF-VE Demo](http://i.ytimg.com/vi/7Urbg9sLONs/mqdefault.jpg)
I love the style of delivery. thanks.
Execellent teacher.
Thanks! Hope you found it helpful.
Quite interesting. Thank you for such helpful technique.
For the last question, I picked A initially but noticed that the question is asking what you should do RIGHT AFTER the incident occured.
I would assume that, as an ISM, you should know the impact of the incident to fix the damage FIRST before doing any other things such as calculating the cost of incident or think about preserving the evidence. Would this be a correct rationale?
Nobody tell me that these aren't "trick" questions. Deceptive use of "occurance" in the last question. This doesn't reflect real life. If the questions wasn't trick question, it would safe something more close the real life which would be for example: A major security event has just taken place, what does the infosec manager have to do to determine the next course of action? the entire official ISACA manual is full of this type of convoluted language. And then they wonder why infosec pros talk funny and alienate normal people - because we freaking get tested on how well we know acronyms and how well can we decode the plain language statement behind the convoluted or even cryptic statements in these questions.