Reporting and Communication

A CISO wants a concise incident update during active containment. Which elements should be included? (Choose three.)

A vulnerability dashboard for executives should avoid raw technical overload. Which views are useful? (Choose two.)

When briefing legal and privacy teams after a suspected data exposure, which details matter? (Choose two.)

A remediation report shows repeated SLA breaches by one business unit. Which recommendations are appropriate? (Choose two.)

Which items help make a post-incident report useful for technical teams? (Choose two.)

A third-party supplier needs incident information to fix an integration. What should be shared? (Choose two.)

Which metrics best show SOC detection and response effectiveness? (Choose two.)

The board asks whether cyber risk is decreasing after a vulnerability-management investment. Which presentation is strongest?

A post-incident report finds that no one owned a failed alert integration. What should the corrective action include?

A critical vulnerability affected the customer portal, but no evidence of exploitation was found. What should the executive summary emphasize? If the primary audience is SOC manager, which content choice is most appropriate?

A server team needs to fix an OpenSSL vulnerability across Linux hosts. What should the technical remediation section include? If the primary audience is executive leadership, which content choice is most appropriate?

A vulnerability report is going to system owners. Which elements make it actionable? (Choose three.)

The CISO asks whether incident response is improving quarter over quarter. Which metric is most relevant? If the primary audience is legal/privacy stakeholder, which content choice is most appropriate?

A vulnerability programme wants to show whether critical findings are fixed within policy timelines. Which report is best? If the primary audience is business service owner, which content choice is most appropriate?

A business owner accepts delayed remediation for a production system. What must the report include? If the primary audience is SOC manager, which content choice is most appropriate?

A third-party provider caused an outage during remediation. What should the communication to the vendor focus on? If the primary audience is executive leadership, which content choice is most appropriate?

The board asks whether cyber risk is decreasing after a vulnerability-management investment. Which presentation is strongest? If the primary audience is technical remediation owner, which content choice is most appropriate?

A post-incident report finds that no one owned a failed alert integration. What should the corrective action include? If the primary audience is legal/privacy stakeholder, which content choice is most appropriate?

A critical vulnerability affected the customer portal, but no evidence of exploitation was found. What should the executive summary emphasize? If the primary audience is business service owner, which content choice is most appropriate?

A server team needs to fix an OpenSSL vulnerability across Linux hosts. What should the technical remediation section include? If the primary audience is SOC manager, which content choice is most appropriate?

An incident may involve regulated personal data. Who should be engaged early to determine notification obligations? If the primary audience is executive leadership, which content choice is most appropriate?

The CISO asks whether incident response is improving quarter over quarter. Which metric is most relevant? If the primary audience is technical remediation owner, which content choice is most appropriate?

A vulnerability programme wants to show whether critical findings are fixed within policy timelines. Which report is best? If the primary audience is legal/privacy stakeholder, which content choice is most appropriate?

A business owner accepts delayed remediation for a production system. What must the report include? If the primary audience is business service owner, which content choice is most appropriate?

A third-party provider caused an outage during remediation. What should the communication to the vendor focus on? If the primary audience is SOC manager, which content choice is most appropriate?

The board asks whether cyber risk is decreasing after a vulnerability-management investment. Which presentation is strongest? If the primary audience is executive leadership, which content choice is most appropriate?

A post-incident report finds that no one owned a failed alert integration. What should the corrective action include? If the primary audience is technical remediation owner, which content choice is most appropriate?

A critical vulnerability affected the customer portal, but no evidence of exploitation was found. What should the executive summary emphasize? If the primary audience is legal/privacy stakeholder, which content choice is most appropriate?

A server team needs to fix an OpenSSL vulnerability across Linux hosts. What should the technical remediation section include? If the primary audience is business service owner, which content choice is most appropriate?

An incident may involve regulated personal data. Who should be engaged early to determine notification obligations? If the primary audience is SOC manager, which content choice is most appropriate?

The CISO asks whether incident response is improving quarter over quarter. Which metric is most relevant? If the primary audience is executive leadership, which content choice is most appropriate?

A vulnerability programme wants to show whether critical findings are fixed within policy timelines. Which report is best? If the primary audience is technical remediation owner, which content choice is most appropriate?

A business owner accepts delayed remediation for a production system. What must the report include? If the primary audience is legal/privacy stakeholder, which content choice is most appropriate?

A third-party provider caused an outage during remediation. What should the communication to the vendor focus on? If the primary audience is business service owner, which content choice is most appropriate?

The board asks whether cyber risk is decreasing after a vulnerability-management investment. Which presentation is strongest? If the primary audience is SOC manager, which content choice is most appropriate?

A post-incident report finds that no one owned a failed alert integration. What should the corrective action include? If the primary audience is executive leadership, which content choice is most appropriate?

A regulator asks for incident evidence after a data exposure. Which items should be coordinated before disclosure? (Choose two.)

A server team needs to fix an OpenSSL vulnerability across Linux hosts. What should the technical remediation section include? If the primary audience is legal/privacy stakeholder, which content choice is most appropriate?

An incident may involve regulated personal data. Who should be engaged early to determine notification obligations? If the primary audience is business service owner, which content choice is most appropriate?

The CISO asks whether incident response is improving quarter over quarter. Which metric is most relevant? If the primary audience is SOC manager, which content choice is most appropriate?

A vulnerability programme wants to show whether critical findings are fixed within policy timelines. Which report is best? If the primary audience is executive leadership, which content choice is most appropriate?

A business owner accepts delayed remediation for a production system. What must the report include? If the primary audience is technical remediation owner, which content choice is most appropriate?

A third-party provider caused an outage during remediation. What should the communication to the vendor focus on? If the primary audience is legal/privacy stakeholder, which content choice is most appropriate?

The board asks whether cyber risk is decreasing after a vulnerability-management investment. Which presentation is strongest? If the primary audience is business service owner, which content choice is most appropriate?

A post-incident report finds that no one owned a failed alert integration. What should the corrective action include? If the primary audience is SOC manager, which content choice is most appropriate?

A critical vulnerability affected the customer portal, but no evidence of exploitation was found. What should the executive summary emphasize? If the primary audience is executive leadership, which content choice is most appropriate?

A server team needs to fix an OpenSSL vulnerability across Linux hosts. What should the technical remediation section include? If the primary audience is technical remediation owner, which content choice is most appropriate?

An incident may involve regulated personal data. Who should be engaged early to determine notification obligations? If the primary audience is legal/privacy stakeholder, which content choice is most appropriate?

The CISO asks whether incident response is improving quarter over quarter. Which metric is most relevant? If the primary audience is business service owner, which content choice is most appropriate?

A vulnerability programme wants to show whether critical findings are fixed within policy timelines. Which report is best? If the primary audience is SOC manager, which content choice is most appropriate?

A business owner accepts delayed remediation for a production system. What must the report include? If the primary audience is executive leadership, which content choice is most appropriate?