1. Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?
A) User ad hoc reporting is not logged
B) Network traffic is through a single switch
C) Operating system (OS) security patches have not been applied
D) Database security defaults to ERP settings
2. In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
A) Implementing on-screen masking of passwords
B) Conducting periodic security awareness programs
C) Increasing the frequency of password changes
D) Requiring that passwords be kept strictly confidential
3. Which of the following will BEST ensure that management takes ownership of the decision making process for information security?
A) Security policies and procedures
B) Annual self-assessment by management
C) Security-steering committees
D) Security awareness campaigns
4. Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
A) System analyst
B) Quality control manager
C) Process owner
D) Information security manager
5. What is the BEST way to ensure that contract programmers comply with organizational security policies?
A) Explicitly refer to contractors in the security standards
B) Have the contractors acknowledge in writing the security policies
C) Create penalties for noncompliance in the contracting agreement
D) Perform periodic security reviews of the contractors
1. Right Answer: C Explanation: The fact that operating system (OS) security patches have not been applied is a serious weakness. Routing network traffic through a single switch is not unusual. Although the lack of logging for user ad hoc reporting is not necessarily good, it does not represent as serious a security weakness as the failure to install security patches. Database security defaulting to the ERP system's settings is not as significant.
2. Right Answer: B Explanation: Social engineering can best be mitigated through periodic security awareness training for users who may be the target of such an attempt. Implementing on-screen masking of passwords and increasing the frequency of password changes are desirable, but these will not be effective in reducing the likelihood of a successful social engineering attack. Requiring that passwords be kept secret in security policies is a good control but is not as effective as periodic security awareness programs that will alert users to the dangers posed by social engineering.
3. Right Answer: C Explanation: Security steering committees provide a forum for management to express its opinion and take ownership in the decision making process. Security awareness campaigns, security policies and procedures, and self-assessment exercises are all good but do not exemplify the taking of ownership by management.
4. Right Answer: C Explanation: Process owners implement information protection controls as determined by the business' needs. Process owners have the most knowledge about security requirements for the business application for which they are responsible. The system analyst, quality control manager, and information security manager do not possess the necessary knowledge or authority to implement and maintain the appropriate level of business security.
5. Right Answer: D Explanation: Periodic reviews are the most effective way of obtaining compliance. None of the other options detects the failure of contract programmers to comply.