Incident management, logging, monitoring, and disaster recovery
This domain is about 13% of the CISSP exam. Every question below is cross-checked by two AI models and grounded in public NIST sources.
Question 1
advanced
What is the BEST approach for a security team to perform logging and monitoring activities in a large, distributed environment?
Why: Understand logging and monitoring best practices
A centralized logging system allows for efficient collection, analysis, and correlation of logs from all devices and systems, providing a comprehensive view of the security posture.
Question 2
beginner
A security manager discovers a potential security incident. What is the BEST course of action to take immediately?
Why: Containing an incident is crucial to prevent further damage
Containing the incident is the best course of action to take immediately, as it helps to prevent further damage and minimize the impact of the incident.
Question 3
beginner
What should be done FIRST when conducting configuration management?
Why: Importance of establishing a baseline configuration
Creating a baseline configuration provides a reference point for future changes and ensures that all systems are configured consistently.
Question 4
beginner
What is the MOST important consideration when implementing a disaster recovery plan?
Why: Importance of data integrity in disaster recovery
Ensuring data integrity is crucial in disaster recovery, as it ensures that data is not lost or corrupted during the recovery process.
Question 5
intermediate
An organization is experiencing a significant increase in security incidents, and the security team is having trouble keeping up with the volume of alerts. What should be done FIRST to improve the incident response process?
Why: Understand the importance of reviewing and updating incident response plans
Conducting a thorough review of the incident response plan and procedures is the first step in improving the incident response process. This review will help identify areas for improvement, such as inefficient processes, inadequate training, or insufficient resources.
Question 6
intermediate
An organization is implementing a logging and monitoring program to detect and respond to security incidents. What is the MOST important consideration when selecting logging and monitoring tools?
Why: Understand the importance of compliance with regulatory requirements
Compliance with regulatory requirements is the most important consideration when selecting logging and monitoring tools. The tools must be able to collect and store log data in a way that meets regulatory requirements, such as PCI DSS or HIPAA.
Question 7
intermediate
A security team is responding to a ransomware attack and needs to prioritize activities. What should be done FIRST to minimize data loss and prevent further damage?
Why: Prioritizing incident response activities to minimize damage
Isolating affected systems from the network is the first step to prevent the ransomware from spreading and causing further damage. This action helps to contain the incident and minimize data loss.
Question 8
intermediate
A security manager is responsible for monitoring system logs to detect potential security incidents. What is the BEST approach to ensure effective log monitoring?
Why: Understanding the importance of centralized log management in effective log monitoring
Implementing a centralized log management system is the best approach to ensure effective log monitoring. This approach helps to collect and analyze logs from all systems, providing a comprehensive view of the security posture.
Question 9
intermediate
An organization is planning to implement a configuration management process to ensure the security and integrity of its systems. What is the BEST approach to ensure the effectiveness of this process?
Why: Understanding the importance of a comprehensive configuration management plan
Developing a comprehensive configuration management plan is the best approach to ensure the effectiveness of the process. This approach helps to establish a baseline configuration for systems, manage changes to the configuration, and ensure compliance with security policies.
Question 10
advanced
An organization is experiencing a significant increase in false positives from its security information and event management (SIEM) system. What is the MOST important step to take to address this issue?
Why: Understand SIEM system management and optimization
Tuning the SIEM system's rules and filters is the most effective way to reduce false positives and improve its accuracy, allowing for more efficient incident response and reduced analyst fatigue.
Question 11
advanced
A security team is conducting a post-incident review of a recent security breach. What is the MOST important aspect to focus on during this review?
Why: Understand post-incident review and improvement
Identifying the root cause of the breach is crucial to understanding what went wrong and how to prevent similar incidents in the future, allowing for targeted improvements to security controls and procedures.
Question 12
beginner
What is the BEST way to ensure that security operations are aligned with organizational objectives?
Why: Importance of aligning security operations with organizational objectives
Developing a security strategy that aligns with organizational objectives ensures that security operations are focused on supporting the organization's overall goals and mission.
How many CISSP Security Operations practice questions does CramKit have?
CramKit's Security Operations domain has verified CISSP practice questions, each blind re-answered by two independent AI models and grounded in public NIST sources before it goes live. This page shows 12 of them free; the full set is available after a free sign-up.
What percentage of the CISSP exam is Security Operations?
Security Operations accounts for about 13% of the CISSP exam blueprint, so CramKit weights its question bank to match that emphasis.
Are these Security Operations questions verified?
Yes. Every question is independently re-answered by two different AI model families and only goes live if both agree it is correct and unambiguous, so you are not practicing on wrong-keyed questions.