
CISM—Certified Information Security Manager - Part 105

Mary Smith

Tue, 21 Apr 2026


1. In the event that a password policy cannot be implemented for a legacy application, which of the following is the BEST course of action?

A) Update the application security policy.
B) Implement a compensating control.
C) Submit a waiver for the legacy application.
D) Perform an application security assessment.
2. To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

A) Review samples of service level reports from the service provider.
B) Assess the level of security awareness of the service provider.
C) Request that the service provider comply with information security policy.
D) Review the security status of the service provider.
3. Management decisions concerning information security investments will be MOST effective when they are based on:

A) an annual loss expectancy (ALE) determined from the history of security events.
B) the formalized acceptance of risk analysis by management.
C) the reporting of consistent and periodic assessments of risks.
D) a process for identifying and analyzing threats and vulnerabilities.
4. The contribution of recovery point objective (RPO) to disaster recovery is to:

A) define backup strategy.
B) eliminate single points of failure.
C) reduce mean time between failures (MTBF).
D) minimize outage period.
5. The BEST way to establish a recovery time objective (RTO) that balances cost with a realistic recovery time frame is to:

A) perform a business impact analysis.
B) determine daily downtime cost.
C) analyze cost metrics.
D) conduct a risk assessment.
1. Right Answer: B
Explanation:

2. Right Answer: C
Explanation:

3. Right Answer: C
Explanation:

4. Right Answer: D
Explanation:

5. Right Answer: A
Explanation:
