
CISM—Certified Information Security Manager - Part 132

Mary Smith

Thu, 16 Apr 2026


1. In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:

A) testing time window prior to deployment.
B) technical skills of the team responsible.
C) certification of validity for deployment.
D) automated deployment to all the servers.



2. To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:

A) end users.
B) legal counsel.
C) operational units.
D) audit management.



3. An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?

A) Review the procedures for granting access
B) Establish procedures for granting emergency access
C) Meet with data owners to understand business needs
D) Redefine and implement proper access rights



4. When security policies are strictly enforced, the initial impact is that:

A) they may have to be modified more frequently.
B) they will be less subject to challenge.
C) the total cost of security is increased.
D) the need for compliance reviews is decreased.



5. A business partner of a factory has remote read-only access to material inventory to forecast future acquisition orders. An information security manager should PRIMARILY ensure that there is:

A) an effective control over connectivity and continuity.
B) a service level agreement (SLA) including code escrow.
C) a business impact analysis (BIA).
D) a third-party certification.



1. Right Answer: A
Explanation: Having the patch tested prior to implementation on critical systems is an absolute prerequisite where availability is a primary concern, because deploying a patch that could cause a system to fail could be worse than the vulnerability the patch corrects. It makes no sense to deploy patches on every system; vulnerable systems should be the only candidates for patching. Patching skills are not required, since patches are more often applied via automated tools.

2. Right Answer: C
Explanation: Procedures at the operational level must be developed by or with the involvement of operational units that will use them. This will ensure that they are functional and accurate. End users and legal counsel are normally not involved in procedure development. Audit management generally oversees information security operations but does not get involved at the procedural level.

3. Right Answer: C
Explanation: An information security manager must understand the business needs that motivated the change prior to taking any unilateral action. Following this, all other choices could be correct depending on the priorities set by the business unit.

4. Right Answer: C
Explanation: When security policies are strictly enforced, more resources are initially required, thereby increasing the total cost of security. There would be less need for frequent modification. Challenges would be rare, and the need for compliance reviews would not necessarily be less.

5. Right Answer: A
Explanation: The principal risk focus is the connection procedures to maintain continuity in case of any contingency. Although an information security manager may be interested in the service level agreement (SLA), code escrow is not a concern. A business impact analysis (BIA) refers to contingency planning and not to system access. Third-party certification does not provide any assurance of controls over connectivity to maintain continuity.
