CISM—Certified Information Security Manager - Part 116

Mary Smith

Fri, 17 Apr 2026

1. What is the role of the information security manager in finalizing contract negotiations with service providers?

A) To update security standards for the outsourced process
B) To ensure that clauses for periodic audits are included
C) To obtain a security standard certification from the provider
D) To perform a risk analysis on the outsourcing process



2. Authorization can BEST be accomplished by establishing:

A) the ownership of the data.
B) what users can do when they are granted system access.
C) whether users are who they say they are.
D) how users identify themselves to information systems.



3. Which of the following would provide the MOST effective security outcome in an organization's contract management process?

A) Extending security assessment to include random penetration testing
B) Extending security assessment to cover asset disposal on contract termination
C) Performing vendor security benchmark analyses at the request-for-proposal stage
D) Ensuring security requirements are defined at the request-for-proposal stage



4. An organization's outsourced firewall was poorly configured and allowed unauthorized access that resulted in downtime of 48 hours. Which of the following should be the information security manager's NEXT course of action?

A) Reconfigure the firewall in accordance with best practices.
B) Obtain supporting evidence that the problem has been corrected.
C) Revisit the contract and improve accountability of the service provider.
D) Seek damages from the service provider.



5. The PRIMARY advantage of involving end users in continuity planning is that they:

A) are more objective than information security management.
B) can balance the technical and business risks.
C) have a better understanding of specific business needs.
D) can see the overall impact to the business.



1. Right Answer: A
Explanation:

2. Right Answer: B
Explanation:

3. Right Answer: C
Explanation:

4. Right Answer: B
Explanation:

5. Right Answer: B
Explanation:
