1. An information security manager wishing to establish security baselines would:
A) include appropriate measurements in the system development life cycle. B) implement the security baselines to establish information security best practices. C) implement the security baselines to fulfill laws and applicable regulations in different jurisdictions. D) leverage information security as a competitive advantage.
2. Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:
A) policy. B) strategy. C) guideline. D) baseline.
3. An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RFP) is the:
A) references from other organizations. B) past experience of the engagement team. C) sample deliverable. D) methodology used in the assessment.
4. Several business units reported problems with their systems after multiple security patches were deployed. The FIRST step in handling this problem would be to:
A) assess the problems and institute rollback procedures, if needed. B) disconnect the systems from the network until the problems are corrected. C) immediately uninstall the patches from these systems. D) immediately contact the vendor regarding the problems that occurred.
5. When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a third-party service provider, the BEST indicator of compliance would be the:
A) access control matrix. B) encryption strength. C) authentication mechanism. D) data repository.
1. Right Answer: B Explanation: While including appropriate measurements in the system development life cycle may indicate a security baseline practice, these are wider in scope and, thus, implementing security baselines to establish information security best practices is the appropriate answer. Implementing security baselines to fulfill laws and applicable regulations in different jurisdictions, and leveraging information security as a competitive advantage, may be supplementary benefits of using security baselines.
2. Right Answer: A Explanation: A security policy is a general statement to define management objectives with respect to security. The security strategy addresses higher level issues. Guidelines are optional actions and operational tasks. A security baseline is a set of minimum requirements that is acceptable to an organization.
3. Right Answer: D Explanation: Methodology illustrates the process and formulates the basis to align expectations and the execution of the assessment. This also provides a picture of what is required of all parties involved in the assessment. References from other organizations are important, but not as important as the methodology used in the assessment. Past experience of the engagement team is not as important as the methodology used. Sample deliverables only tell how the assessment is presented, not the process.
4. Right Answer: A Explanation: Assessing the problems and instituting rollback procedures as needed would be the best course of action. Choices B and C would not identify where the problem was, and may in fact make the problem worse. Choice D is part of the assessment.
5. Right Answer: A Explanation: The access control matrix is the best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses. Encryption strength, authentication mechanism and data repository might be defined in the SLA but are not confidentiality compliance indicators.