
CISM—Certified Information Security Manager - Part 134

Mary Smith

Thu, 16 Apr 2026


1. Which of the following is the MOST effective, positive method to promote security awareness?

A) Competitions and rewards for compliance
B) Lock-out after three incorrect password attempts
C) Strict enforcement of password formats
D) Disciplinary action for noncompliance
2. An information security program should focus on:

A) best practices also in place at peer companies.
B) solutions codified in international standards.
C) key controls identified in risk assessments.
D) continued process improvement.
3. Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?

A) Database administrator (DBA)
B) Finance department management
C) Information security manager
D) IT department management
4. Which of the following would be the MOST significant security risk in a pharmaceutical institution?

A) Compromised customer information
B) Unavailability of online transactions
C) Theft of security tokens
D) Theft of a Research and Development laptop
5. Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?

A) The program's governance oversight mechanisms
B) Information security periodicals and manuals
C) The program's security architecture and design
D) Training and certification of the information security team
1. Right Answer: A
Explanation: Competitions and rewards are a positive encouragement to user participation in the security program. Merely locking users out for forgetting their passwords does not enhance user awareness. Enforcement of password formats and disciplinary actions do not positively promote awareness.

2. Right Answer: C
Explanation: Risk assessment identifies the appropriate controls to mitigate identified business risks that the program should implement to protect the business. Peer industry best practices, international standards and continued process improvement can be used to support the program, but these cannot be blindly implemented without the consideration of business risk.

3. Right Answer: B
Explanation: Data owners are responsible for determining data classification; in this case, management of the finance department would be the owners of accounting ledger data. The database administrator (DBA) and IT management are the custodians of the data who would apply the appropriate security levels for the classification, while the security manager would act as an advisor and enforcer.

4. Right Answer: D
Explanation: The research and development department is usually the most sensitive area of a pharmaceutical organization. Theft of a laptop from this area could result in the disclosure of sensitive formulas and other intellectual property, which could represent the greatest security breach. A pharmaceutical organization does not normally have direct contact with end customers, and its transactions are not time critical; therefore, compromised customer information and unavailability of online transactions are not the most significant security risks. Theft of security tokens would not be as significant, since a PIN would still be required for their use.

5. Right Answer: A
Explanation: While choices B, C and D will all assist the currency and coverage of the program, its governance oversight mechanisms are the best method.
