
CISM—Certified Information Security Manager - Part 136

Mary Smith

Thu, 16 Apr 2026


1. When a new key business application goes into production, the PRIMARY reason to update the relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:

A) this is a requirement of the security policy.
B) software licenses may expire in the future without warning.
C) the asset inventory must be maintained.
D) service level agreements may not otherwise be met.



2. To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOST important item to include?

A) Service level agreements (SLAs)
B) Right to audit clause
C) Intrusion detection system (IDS) services
D) Spam filtering services



3. To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to:

A) create a separate account for the programmer as a power user.
B) log all of the programmer's activity for review by a supervisor.
C) have the programmer sign a letter accepting full responsibility.
D) perform regular audits of the application.



4. Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:

A) are compatible with the provider's own classification.
B) are communicated to the provider.
C) exceed those of the outsourcer.
D) are stated in the contract.



5. What is the GREATEST risk when there is an excessive number of firewall rules?

A) One rule may override another rule in the chain and create a loophole
B) Performance degradation of the whole network
C) The firewall may not support the increasing number of rules due to limitations
D) The firewall may show abnormal behavior and may crash or automatically shut down



1. Right Answer: D
Explanation: The key requirement is to preserve availability of business operations. Choice A is a correct compliance requirement, but it is not the main objective in this case. Choices B and C are supplementary requirements for business continuity/disaster recovery planning.

2. Right Answer: A
Explanation: Service level agreements (SLAs) will be most effective in ensuring that Internet service providers (ISPs) comply with expectations for service availability. Intrusion detection system (IDS) and spam filtering services would not mitigate the potential for service interruptions as directly. A right-to-audit clause would not be effective in reducing the likelihood of a service interruption.

3. Right Answer: B
Explanation: It is not always possible to provide adequate segregation of duties between programming and operations while still meeting certain business requirements. A mitigating control is to record all of the programmer's actions for later review by their supervisor, which reduces the likelihood of any inappropriate action on the part of the programmer. Choices A, C and D do not solve the problem.

4. Right Answer: D
Explanation: The most effective mechanism to ensure that the organization's security standards are met by a third party is a legal agreement. Choices A, B and C are acceptable options, but they are not as comprehensive or as binding as a legal contract.

5. Right Answer: A
Explanation: If there are many firewall rules, there is a chance that a particular rule will allow an external connection because it overrides other associated rules in the chain. As the number of rules grows, it becomes complex to test them and, over time, a loophole may occur.
