1. An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:
A) document and report the root cause of the incidents for senior management. B) identify security program gaps or systemic weaknesses that need correction. C) prepare properly vetted notifications regarding the incidents to external parties. D) identify who should be held accountable for the security incidents.
2. An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?
A) Monitor user activities on the network B) Publish the standards on the intranet landing page C) Establish an acceptable use policy D) Deploy a device management solution
3. An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers and maintaining all core business functions in-house. The information security manager has determined that a defense-in-depth strategy should be used. Which of the following BEST describes this strategy?
A) Multi-factor login requirements for cloud service applications, timeouts, and complex passwords B) Deployments of nested firewalls within the infrastructure C) Separate security controls for applications, platforms, programs, and endpoints D) Strict enforcement of role-based access control (RBAC)
4. When supporting an organization's privacy officer, which of the following is the information security manager's PRIMARY role regarding privacy requirements?
A) Monitoring the transfer of private data B) Conducting privacy awareness programs C) Ensuring appropriate controls are in place D) Determining data classification
5. Which of the following metrics would provide management with the MOST useful information about the progress of a security awareness program?
A) Increased number of downloads of the organization's security policy B) Increased reporting of security incidents C) Completion rate of user awareness training within each business unit D) Decreased number of security incidents