
CISM—Certified Information Security Manager - Part 130

Mary Smith

Thu, 16 Apr 2026


1. What is the MOST appropriate change management procedure for the handling of emergency program changes?

A) Formal documentation does not need to be completed before the change
B) Business management approval must be obtained prior to the change
C) Documentation is completed with approval soon after the change
D) All changes must follow the same process



2. Who is ultimately responsible for ensuring that information is categorized and that protective measures are taken?

A) Information security officer
B) Security steering committee
C) Data owner
D) Data custodian



3. The PRIMARY focus of the change control process is to ensure that changes are:

A) authorized.
B) applied.
C) documented.
D) tested.



4. An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?

A) Research best practices
B) Meet with stakeholders
C) Establish change control procedures
D) Identify critical systems



5. A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?

A) Enable access through a separate device that requires adequate authentication
B) Implement manual procedures that require password change after each use
C) Request the vendor to add multiple user IDs
D) Analyze the logs to detect unauthorized access



1. Right Answer: C
Explanation: Even in the case of an emergency change, all change management procedure steps should be completed, as for normal changes. The difference lies in the timing of certain events. With an emergency change, it is permissible to obtain certain approvals and complete other documentation "the morning after," once the emergency has been satisfactorily resolved. Obtaining business approval prior to the change is ideal but not always possible.

2. Right Answer: B
Explanation: Routine administration of all aspects of security is delegated, but senior management, acting through the security steering committee, must retain overall responsibility. The information security officer supports and implements information security on behalf of senior management. The data owner is responsible for categorizing data and defining its security requirements. The data custodian supports and implements information security as directed.

3. Right Answer: A
Explanation: All steps in the change control process must be signed off to ensure proper authorization. It is important that changes are applied, documented and tested; however, these are not the primary focus.

4. Right Answer: B
Explanation: No new process will be successful unless it is adhered to by all stakeholders; to the extent stakeholders have input, they can be expected to follow the process. Without consensus agreement from the stakeholders, the scope of the research is too wide; input on the current environment is necessary to focus research effectively. It is premature to implement procedures without stakeholder consensus and research. Without knowing what the process will be, the parameters to baseline (such as which systems are critical) are unknown as well.

5. Right Answer: A
Explanation: Choice A is correct because it allows authentication credentials to be provisioned and terminated for individuals and also introduces the possibility of logging activity by individual. Choice B is not effective because users can circumvent the manual procedures. Choice C is not the best option because vendor enhancements may take time and development, and this is a critical device. Choice D could, in some cases, be an effective complementary control but, because it is detective rather than preventive, it would not be the most effective in this instance.
