
CISM—Certified Information Security Manager - Part 137

Mary Smith

Thu, 16 Apr 2026


1. Which of the following would be the MOST appropriate physical security solution for the main entrance to a data center?

A) Mantrap
B) Biometric lock
C) Closed-circuit television (CCTV)
D) Security guard



2. What is the GREATEST advantage of documented guidelines and operating procedures from a security perspective?

A) Provide detailed instructions on how to carry out different types of tasks
B) Ensure consistency of activities to provide a more stable environment
C) Ensure compliance to security standards and regulatory requirements
D) Ensure reusability to meet compliance to quality requirements



3. What is the BEST way to ensure data protection upon termination of employment?

A) Retrieve identification badge and card keys
B) Retrieve all personal computer equipment
C) Erase all of the employee's folders
D) Ensure all logical access is removed



4. The MOST important reason for formally documenting security procedures is to ensure:

A) processes are repeatable and sustainable.
B) alignment with business objectives.
C) auditability by regulatory agencies.
D) objective criteria for the application of metrics.



5. Which of the following is the BEST approach for an organization desiring to protect its intellectual property?

A) Conduct awareness sessions on intellectual property policy
B) Require all employees to sign a nondisclosure agreement
C) Promptly remove all access when an employee leaves the organization
D) Restrict access to a need-to-know basis



1. Right Answer: B
Explanation: A biometric device will ensure that only the authorized user can access the data center. A mantrap, by itself, would not be effective. Closed-circuit television (CCTV) and a security guard provide a detective control, but would not be as effective in authenticating the access rights of each individual.

2. Right Answer: B
Explanation: Developing procedures and guidelines to ensure that business processes address information security risk is critical to the management of an information security program. Developing procedures and guidelines establishes a baseline for security program performance and consistency of security activities.

3. Right Answer: D
Explanation: Ensuring all logical access is removed will guarantee that the former employee will not be able to access company data and that the employee's credentials will not be misused. Retrieving identification badge and card keys would only reduce the capability to enter the building. Retrieving the personal computer equipment and the employee's folders are necessary tasks, but that should be done as a second step.

4. Right Answer: A
Explanation: Without formal documentation, it would be difficult to ensure that security processes are performed in the proper manner every time that they are performed. Alignment with business objectives is not a function of formally documenting security procedures. Processes should not be formally documented merely to satisfy an audit requirement. Although potentially useful in the development of metrics, creating formal documentation to assist in the creation of metrics is a secondary objective.

5. Right Answer: D
Explanation: Security awareness regarding intellectual property policy will not prevent violations of this policy. Requiring all employees to sign a nondisclosure agreement and promptly removing all access when an employee leaves the organization are good controls, but not as effective as restricting access to a need-to-know basis.
