CISM Exam Resources Question Set - Vulnerability Test
Q) Which one of the following should be performed first to ensure that response and recovery plans will execute as required?
A. Review of archived logs.
B. Penetration tests.
C. Vulnerability tests.
D. Calculate annual loss expectancy.
Answer:
The answer is "C". Response and recovery are always planned around a vulnerability assessment. The other answers are incorrect. Logs simply provide a historical view, penetration tests highlight specific weaknesses, and the annual loss expectancy, if used for anything, provides a feel for what is a reasonable cost to incur.