1. Which of the following is MOST important for measuring the effectiveness of a security awareness program?
A) Reduced number of security violation reports
B) A quantitative evaluation to ensure user comprehension
C) Increased interest in focus groups on security issues
D) Increased number of security violation reports
2. Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?
A) Request a list of the software to be used
B) Provide clear directions to IT staff
C) Monitor intrusion detection system (IDS) and firewall logs closely
D) Establish clear rules of engagement
3. Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?
A) Restrict the available drive allocation on all PCs
B) Disable universal serial bus (USB) ports on all desktop devices
C) Conduct frequent awareness training with noncompliance penalties
D) Establish strict access controls to sensitive information
4. Which of the following is the MOST important area of focus when examining potential security compromise of a new wireless network?
A) Signal strength
B) Number of administrators
C) Bandwidth
D) Encryption strength
5. Good information security standards should:
A) define precise and unambiguous allowable limits.
B) describe the process for communicating violations.
C) address high-level objectives of the organization.
D) be updated frequently as new software is released.
1. Right Answer: B Explanation: To truly judge the effectiveness of security awareness training, some means of measurable testing is necessary to confirm user comprehension. Focus groups may or may not provide meaningful feedback but, in and of themselves, do not provide metrics. An increase or reduction in the number of violation reports may not be indicative of a high level of security awareness.
2. Right Answer: D Explanation: It is critical to establish a clear understanding on what is permissible during the engagement. Otherwise, the tester may inadvertently trigger a system outage or inadvertently corrupt files. Not as important, but still useful, is to request a list of what software will be used. As for monitoring the intrusion detection system (IDS) and firewall, and providing directions to IT staff, it is better not to alert those responsible for monitoring (other than at the management level), so that the effectiveness of that monitoring can be accurately assessed.
3. Right Answer: A Explanation: Restricting the ability of a PC to allocate new drive letters ensures that universal serial bus (USB) drives or even CD-writers cannot be attached, as they would not be recognized by the operating system. Disabling USB ports on all machines is not practical since mice and other peripherals depend on these connections. Awareness training and sanctions do not prevent copying of information, nor do access controls.
4. Right Answer: B Explanation: The number of individuals with access to the network configuration presents a security risk. Encryption strength is an area where wireless networks tend to fall short; however, the potential to compromise the entire network is higher when an inappropriate number of people can alter the configuration. Signal strength and network bandwidth are secondary issues.
5. Right Answer: A Explanation: A security standard should clearly state what is allowable; it should not change frequently. The process for communicating violations would be addressed by a security procedure, not a standard. High-level objectives of an organization would normally be addressed in a security policy.