CISM—Certified Information Security Manager - Part 119

Mary Smith

Fri, 17 Apr 2026

1. Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?

A) Penetration attempts investigated
B) Violation log reports produced
C) Violation log entries
D) Frequency of corrective actions taken



2. Which of the following change management activities would be a clear indicator that normal operational procedures require examination? A high percentage of:

A) similar change requests.
B) change request postponements.
C) canceled change requests.
D) emergency change requests.



3. Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment?

A) User
B) Security
C) Operations
D) Database



4. Prior to having a third party perform an attack and penetration test against an organization, the MOST important action is to ensure that:

A) the third party provides a demonstration on a test system.
B) goals and objectives are clearly defined.
C) the technical staff has been briefed on what to expect.
D) special backups of production servers are taken.



5. When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to:

A) submit the issue to the steering committee.
B) conduct an impact analysis to quantify the risks.
C) isolate the system from the rest of the network.
D) request a risk acceptance from senior management.



1. Right Answer: A
Explanation: The most useful metric is one that measures the degree to which complete follow-through has taken place. The quantity of reports, entries on reports and the frequency of corrective actions are not indicative of whether or not investigative action was taken.

2. Right Answer: D
Explanation: A high percentage of emergency change requests could be caused by changes that are being introduced at the last minute to bypass normal change management procedures. Similar requests, postponements and canceled requests are all indicative of a properly functioning change management process.

3. Right Answer: A
Explanation: As owners of the system, user management approval would be the most important. Although the signoffs of security, operations and database management may be appropriate, they are secondary to ensuring the new system meets the requirements of the business.

4. Right Answer: B
Explanation: The most important action is to clearly define the goals and objectives of the test. Assuming that adequate backup procedures are in place, special backups should not be necessary. Technical staff should not be briefed nor should there be a demo as this will reduce the spontaneity of the test.

5. Right Answer: B
Explanation: An impact analysis is warranted to determine whether a risk acceptance should be granted and to demonstrate to the department the danger of deviating from the established policy. Isolating the system would not support the needs of the business. Any waiver should be granted only after performing an impact analysis.