
CISA—Certified Information Systems Auditor - Part 253

Mary Smith

Fri, 17 Apr 2026


1. After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which of the following is the MOST serious risk associated with such tools?

A) Differential reporting
B) False-positive reporting
C) False-negative reporting
D) Less-detail reporting



2. The FIRST step in managing the risk of a cyber-attack is to:

A) assess the vulnerability impact.
B) evaluate the likelihood of threats.
C) identify critical information assets.
D) estimate potential damage.



3. Which of the following is the MOST effective method for dealing with the spread of a network worm that exploits a vulnerability in a protocol?

A) Install the vendor's security fix for the vulnerability.
B) Block the protocol traffic in the perimeter firewall.
C) Block the protocol traffic between internal network segments.
D) Stop the service until an appropriate security fix is installed.



4. The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

A) improve internal control procedures.
B) harden the network to industry best practices.
C) highlight the importance of incident response management to management.
D) improve employee awareness of the incident response process.



5. The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's GREATEST concern should be that the users might:

A) use this information to launch attacks.
B) forward the security alert.
C) implement individual solutions.
D) fail to understand the threat.



1. Right Answer: C
Explanation: False-negative reporting means a real control weakness in the network is not identified and therefore may never be addressed, leaving the network exposed to attack without anyone being prompted to act. False-positive reporting is the opposite case: a control is in place but is reported as weak, which should prompt a recheck of the control and, at worst, wastes effort. Less-detail (summary) reporting and differential reporting are reporting functions provided by these tools; differential reporting compares scan results over a period of time to show what has been added, fixed or persists.
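
The distinction the explanation draws only becomes concrete when scanner output is reconciled against an independent source of truth: a false negative is invisible in the scanner's own report and can only be found by comparing against something else. The following Python is an added example, not part of the exam material or any vendor's scanner; the hosts, services and weakness labels are constructed sample data, and the two scan runs are assumed to be a week apart. It classifies findings into true positives, false positives and false negatives, produces a less-detail summary, and builds a differential report between the two runs.

```python
"""Reconciling vulnerability-scanner output against known weaknesses.

Added illustration; not taken from the exam page or any scanner product.
Every host, service and weakness label below is constructed sample data.
A finding is a (host, service, weakness) tuple.
"""

# Ground truth: weaknesses known to exist from an independent source
# (manual review, configuration audit, vendor advisory). Constructed.
KNOWN_WEAKNESSES = {
    ("10.0.0.5", "ssh", "weak-kex-algorithms"),
    ("10.0.0.5", "http", "directory-listing-enabled"),
    ("10.0.0.9", "smb", "signing-not-required"),
    ("10.0.0.12", "rdp", "nla-disabled"),
}

# Two scanner runs, assumed one week apart. Constructed sample output.
SCAN_WEEK1 = {
    ("10.0.0.5", "ssh", "weak-kex-algorithms"),
    ("10.0.0.9", "smb", "signing-not-required"),
    # Reported by the scanner but not actually present on this host:
    ("10.0.0.7", "http", "directory-listing-enabled"),
}
SCAN_WEEK2 = {
    ("10.0.0.5", "ssh", "weak-kex-algorithms"),
    ("10.0.0.5", "http", "directory-listing-enabled"),
    ("10.0.0.9", "smb", "signing-not-required"),
}


def classify(scan, truth):
    """Split one scan into true positives, false positives and false negatives.

    false_negative is the serious category: a real weakness the scanner
    did not report, so nothing prompts anyone to remediate it.
    false_positive costs a recheck but does not leave a gap uncovered.
    """
    return {
        "true_positive": scan & truth,
        "false_positive": scan - truth,
        "false_negative": truth - scan,
    }


def summary(scan, truth):
    """Less-detail reporting: counts per category, no per-finding detail."""
    return {name: len(items) for name, items in classify(scan, truth).items()}


def differential(previous, current):
    """Differential reporting: what changed between two scan runs.

    Note this compares the scanner against itself, so a weakness missed in
    both runs never appears here; only classify() against independent
    ground truth exposes a false negative.
    """
    return {
        "new": current - previous,
        "resolved": previous - current,
        "persistent": previous & current,
    }


def unaddressed_weaknesses(scan, truth):
    """Weaknesses that will stay open if only the scanner report is worked."""
    return sorted(classify(scan, truth)["false_negative"])


if __name__ == "__main__":
    for label, scan in (("week 1", SCAN_WEEK1), ("week 2", SCAN_WEEK2)):
        print(label, summary(scan, KNOWN_WEAKNESSES))
        for finding in unaddressed_weaknesses(scan, KNOWN_WEAKNESSES):
            print("  MISSED (false negative):", finding)
    print("differential week 1 -> week 2:", differential(SCAN_WEEK1, SCAN_WEEK2))
```

Run stand-alone, the week 1 summary shows two false negatives and one false positive; week 2 still misses the RDP weakness on 10.0.0.12, and the differential shows that finding nowhere, which is exactly why a scanner's own trend report cannot surface its own blind spots.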

2. Right Answer: C
Explanation: The first step in managing risk is the identification and classification of critical information resources (assets). Once the assets have been identified, the process moves on to identifying threats and vulnerabilities and calculating the potential damage; none of those steps can be scoped meaningfully before it is known what needs protecting.

3. Right Answer: D
Explanation: Stopping the service and then installing the security fix is the safest way to prevent the worm from spreading. If the service is left running, installing the fix is not the most effective method, because the worm continues spreading until the fix takes effect. Blocking the protocol at the perimeter does not stop the worm from spreading within the internal network(s). Blocking the protocol between internal segments helps to slow the spread, but it also prevents any legitimate software that uses the protocol from working between segments.

4. Right Answer: A
Explanation: A postincident review examines both the cause of an incident and the response to it. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of postincident reviews and follow-up procedures enables the information security manager to continuously improve the security program; improving the incident response plan based on the review is itself an internal (corrective) control. The network may already be hardened to industry best practices, and the network may not even be the source of the incident. The primary objective is to improve internal control procedures, not to highlight the importance of incident response management (IRM) to management, and an incident response (IR) review does not by itself improve employee awareness.

5. Right Answer: A
Explanation: An organization's computer security incident response team (CSIRT) should disseminate descriptions of recent threats, security guidelines and security updates to users to help them understand the security risk of errors and omissions. However, this introduces the risk that users may use the information to launch attacks, directly or indirectly. An IS auditor should ensure that the CSIRT is actively involved with users, assisting them in mitigating the risks arising from security failures and in preventing additional incidents resulting from the same threat. Forwarding the security alert is not harmful to the organization, implementing individual solutions is unlikely, and users failing to understand the threat would not be a serious concern.
