1. The BEST way to ensure that security settings on each platform are in compliance with information security policies and procedures is to:
A) perform penetration testing.
B) establish security baselines.
C) implement vendor default settings.
D) link policies to an independent standard.
2. A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?
A) User
B) Network
C) Operations
D) Database
3. The BEST way to ensure that information security policies are followed is to:
A) distribute printed copies to all employees.
B) perform periodic reviews for compliance.
C) include escalating penalties for noncompliance.
D) establish an anonymous hotline to report policy abuses.
4. The MOST appropriate individual to determine the level of information security needed for a specific business application is the:
A) system developer.
B) information security manager.
C) steering committee.
D) system data owner.
5. Which of the following will MOST likely reduce the chances of an unauthorized individual gaining access to computing resources by pretending to be an authorized individual who needs his or her password reset?
A) Performing reviews of password resets
B) Conducting security awareness programs
C) Increasing the frequency of password changes
D) Implementing automatic password syntax checking
1. Right Answer: B Explanation: Security baselines will provide the best assurance that each platform meets minimum criteria. Penetration testing will not be as effective and can only be performed periodically. Vendor default settings will not necessarily meet the criteria set by the security policies, while linking policies to an independent standard will not provide assurance that the platforms meet these levels of security.
2. Right Answer: A Explanation: As owners of the system, user management signoff is the most important. If a system does not meet the needs of the business, then it has not met its primary objective. The needs of network, operations and database management are secondary to the needs of the business.
3. Right Answer: B Explanation: The best way to ensure that information security policies are followed is to periodically review levels of compliance. Distributing printed copies, advertising an abuse hotline or linking policies to an international standard will not motivate individuals as much as the consequences of being found in noncompliance. Escalating penalties will first require a compliance review.
4. Right Answer: D Explanation: Data owners are the most knowledgeable of the security needs of the business application for which they are responsible. The system developer, security manager and system custodian will have specific knowledge on limited areas but will not have full knowledge of the business issues that affect the level of security required. The steering committee does not perform at that level of detail on the operation.
5. Right Answer: B Explanation: Social engineering can be mitigated best through periodic security awareness training for staff members who may be the target of such an attempt. Changing the frequency of password changes, strengthening passwords and checking the number of password resets may be desirable, but they will not be as effective in reducing the likelihood of a social engineering attack.