CISM—Certified Information Security Manager - Part 123

Mary Smith

Fri, 17 Apr 2026

1. Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?

A) Applying patches
B) Changing access rules
C) Upgrading hardware
D) Backing up files



2. Security awareness training should be provided to new employees:

A) on an as-needed basis.
B) during system user training.
C) before they have access to data.
D) along with department staff.



3. What is the BEST method to verify that all security patches applied to servers were properly documented?

A) Trace change control requests to operating system (OS) patch logs
B) Trace OS patch logs to OS vendor's update documentation
C) Trace OS patch logs to change control requests
D) Review change control documentation for key servers



4. A security awareness program should:

A) present top management's perspective.
B) address details on specific exploits.
C) address specific groups and roles.
D) promote security department procedures.



5. The PRIMARY objective of security awareness is to:

A) ensure that security policies are understood.
B) influence employee behavior.
C) ensure legal and regulatory compliance.
D) notify of actions for noncompliance.



1. Right Answer: D
Explanation: If malicious code is not immediately detected, it will most likely be captured by the normal backup process. When the code is later discovered and eradicated from the device, it may still remain undetected on one or more backup media, and any subsequent restore from those backups may reintroduce it. Applying patches, changing access rules and upgrading hardware do not significantly increase the difficulty of eradication.

2. Right Answer: C
Explanation: Security awareness training should occur before access is granted to ensure the new employee understands that security is part of the system and business process. All other choices imply that security awareness training is delivered subsequent to the granting of system access, which may place security as a secondary step.

3. Right Answer: C
Explanation: To ensure that every patch applied went through the change control process, the operating system (OS) patch logs must be the starting point: each logged patch is then checked for a corresponding change control request on file. Tracing in the opposite direction, from the change control documentation to the patch log, will not reveal patches that were applied without ever being documented. Similarly, reviewing change control documents for key servers only, or comparing the patches applied to those recommended by the OS vendor, does not confirm that the patches actually installed were properly approved and documented.
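The direction of the trace is the whole point of question 3, and it is easiest to see in code. The following is an added example, not part of the original question set: it reconciles a patch log against a table of change control requests in both directions. The log format, host names, package names and ticket numbers are constructed sample data in an invented layout; real inputs (dnf/yum history, Windows Update logs, a ticketing export) need their own parsers.

```python
"""
Reconcile OS patch logs against change control requests (CCRs).

Added example for the CISM question on verifying patch documentation.
All data below is constructed; the log line format is invented.
"""
import re
from dataclasses import dataclass

# Constructed sample: one line per patch applied on a server.
PATCH_LOG = """\
2024-03-02 01:14 srv-web-01 installed openssl-3.0.13-1
2024-03-02 01:15 srv-web-01 installed kernel-6.1.81-1
2024-03-09 02:00 srv-db-01 installed postgresql-15.6-1
2024-03-11 23:40 srv-web-01 installed curl-8.6.0-1
"""

# Constructed sample: approved change control requests, ticket -> scope.
# CHG-1060 was approved but never applied; curl on srv-web-01 has no ticket.
CHANGE_REQUESTS = {
    "CHG-1041": {"host": "srv-web-01", "packages": {"openssl-3.0.13-1", "kernel-6.1.81-1"}},
    "CHG-1057": {"host": "srv-db-01", "packages": {"postgresql-15.6-1"}},
    "CHG-1060": {"host": "srv-db-01", "packages": {"openssl-3.0.13-1"}},
}

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) installed (\S+)$")


@dataclass(frozen=True)
class Patch:
    host: str
    package: str
    when: str


def parse_patch_log(text):
    """Parse the constructed log format into Patch records; skip malformed lines."""
    patches = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            patches.append(Patch(host=m.group(2), package=m.group(3), when=m.group(1)))
    return patches


def ticket_for(patch, ccrs):
    """Return the ticket that authorises this patch on this host, or None."""
    for ticket, ccr in ccrs.items():
        if ccr["host"] == patch.host and patch.package in ccr["packages"]:
            return ticket
    return None


def undocumented_patches(log_text, ccrs):
    """Option C: trace patch log -> CCRs. Every applied patch must map to a ticket.
    Anything returned here was installed without approval on file."""
    return [p for p in parse_patch_log(log_text) if ticket_for(p, ccrs) is None]


def unapplied_changes(log_text, ccrs):
    """Reverse trace, CCRs -> patch log. This finds approved-but-unapplied changes,
    but by construction can never surface a patch that has no ticket at all."""
    applied = {(p.host, p.package) for p in parse_patch_log(log_text)}
    return [t for t, c in ccrs.items()
            if not all((c["host"], pkg) in applied for pkg in c["packages"])]


if __name__ == "__main__":
    for p in undocumented_patches(PATCH_LOG, CHANGE_REQUESTS):
        print(f"UNDOCUMENTED: {p.host} {p.package} applied {p.when}")
    for t in unapplied_changes(PATCH_LOG, CHANGE_REQUESTS):
        print(f"APPROVED BUT NOT APPLIED: {t}")
```

Run against the sample data, the forward trace flags the curl patch on srv-web-01, while the reverse trace only reports CHG-1060 and stays silent about curl. That asymmetry is why the audit must start from the patch log.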

4. Right Answer: C
Explanation: Different groups of employees have different levels of technical understanding and need awareness training customized to their roles; it should not be presented from a single perspective such as top management's. Specific details on technical exploits should be avoided, since they may give individuals knowledge they could misuse or may confuse the audience. An awareness program is also not the right forum for presenting security department procedures.

5. Right Answer: B
Explanation: It is most important that security-conscious behavior be encouraged among employees through training that shapes how they respond to security incidents. Ensuring that policies are read and understood, giving employees fair warning of potential disciplinary action, and meeting legal and regulatory requirements are important but secondary.
