
CISM—Certified Information Security Manager - Part 118

Mary Smith

Fri, 17 Apr 2026


1. Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?

A) Adequate security policies and procedures
B) Periodic compliance reviews
C) Security steering committees
D) Security awareness campaigns

2. The BEST way to ensure that an external service provider complies with organizational security policies is to:

A) Explicitly include the service provider in the security policies.
B) Receive acknowledgment in writing stating the provider has read all policies.
C) Cross-reference the policies in the service level agreement.
D) Perform periodic reviews of the service provider.

3. When an emergency security patch is received via electronic mail, the patch should FIRST be:

A) loaded onto an isolated test machine.
B) decompiled to check for malicious code.
C) validated to ensure its authenticity.
D) copied onto write-once media to prevent tampering.

4. In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?

A) Applying patches
B) Changing access rules
C) Upgrading hardware
D) Backing up files

5. Which of the following is the BEST indicator that security awareness training has been effective?

A) Employees sign to acknowledge the security policy
B) More incidents are being reported
C) A majority of employees have completed training
D) No incidents have been reported in three months

1. Right Answer: D
Explanation: Security awareness campaigns will be more effective at changing an organizational culture than the creation of steering committees or security policies and procedures. Compliance reviews are helpful; however, awareness by all staff is more effective, because compliance reviews are focused on certain areas or groups and do not necessarily educate.

2. Right Answer: D
Explanation: Periodic reviews will be the most effective way of obtaining compliance from the external service provider. References in policies and service level agreements, and requesting written acknowledgment, will not be as effective, since they do not trigger the detection of noncompliance.

3. Right Answer: C
Explanation: It is important to first validate that the patch is authentic. Only then should it be copied onto write-once media, decompiled to check for malicious code, or loaded onto an isolated test machine.

4. Right Answer: B
Explanation: Security software will generally have a well-controlled process for applying patches, backing up files and upgrading hardware. The greatest risk occurs when access rules are changed, since they are susceptible to being opened up too much, which can result in the creation of a security exposure.

5. Right Answer: B
Explanation: More incidents being reported could be an indicator that staff are paying more attention to security. Employee signatures and training completion may or may not have anything to do with awareness levels; the number of individuals trained does not indicate that they are more aware. The absence of recent security incidents does not reflect awareness levels, but it may prompt further research to confirm.
