CISM—Certified Information Security Manager - Part 124

Mary Smith

Fri, 17 Apr 2026

1. Which of the following will BEST protect against malicious activity by a former employee?

A) Preemployment screening
B) Close monitoring of users
C) Periodic awareness training
D) Effective termination procedures



2. Which of the following represents a PRIMARY area of interest when conducting a penetration test?

A) Data mining
B) Network mapping
C) Intrusion Detection System (IDS)
D) Customer data



3. The return on investment of information security can BEST be evaluated through which of the following?

A) Support of business objectives
B) Security metrics
C) Security deliverables
D) Process improvement models



4. To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:

A) set their accounts to expire in six months or less.
B) avoid granting system administration roles.
C) ensure they successfully pass background checks.
D) ensure their access is approved by the data owner.



5. Information security policies should:

A) address corporate network vulnerabilities.
B) address the process for communicating a violation.
C) be straightforward and easy to understand.
D) be customized to specific groups and roles.



1. Right Answer: D
Explanation: When an employee leaves an organization, the former employee may attempt to use their credentials to perform unauthorized or malicious activity. Accordingly, it is important to ensure timely revocation of all access at the time an individual is terminated. Security awareness training, preemployment screening and monitoring are all important, but are not as effective in preventing this type of situation.

2. Right Answer: B
Explanation: Network mapping is the process of determining the topology of the network one wishes to penetrate. This is one of the first steps toward determining points of attack in a network. Data mining is associated with ad hoc reporting and, together with customer data, is a potential target after the network is penetrated. The intrusion detection mechanism in place is not an area of focus because one of the objectives is to determine how effectively it protects the network or how easy it is to circumvent.

3. Right Answer: A
Explanation: One way to determine the return on security investment is to illustrate how information security supports the achievement of business objectives. Security metrics measure improvement and effectiveness within the security practice but do not tie to business objectives. Similarly, listing deliverables and creating process improvement models does not necessarily tie into business objectives.

4. Right Answer: B
Explanation: Contract personnel should not be given job duties that provide them with power user or other administrative roles that they could then use to grant themselves access to sensitive files. Setting expiration dates, requiring background checks and having the data owner assign access are all positive elements, but these will not prevent contract personnel from obtaining access to sensitive information.

5. Right Answer: C
Explanation: As high-level statements, information security policies should be straightforward and easy to understand. They are high-level and, therefore, do not address network vulnerabilities directly or the process for communicating a violation. As policies, they should provide a uniform message to all groups and user roles.