1. Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?
A) Card-key door locks B) Photo identification C) Biometric scanners D) Awareness training
2. Data owners will determine what access and authorizations users will have by:
A) delegating authority to data custodian. B) cloning existing user accounts. C) determining hierarchical preferences. D) mapping to business needs.
3. Which of the following is the MOST likely outcome of a well-designed information security awareness course?
A) Increased reporting of security incidents to the incident response function B) Decreased reporting of security incidents to the incident response function C) Decrease in the number of password resets D) Increase in the number of identified system vulnerabilities
4. Which item would be the BEST to include in the information security awareness training program for new general staff employees?
A) Review of various security models B) Discussion of how to construct strong passwords C) Review of roles that have privileged access D) Discussion of vulnerability assessment results
5. A critical component of a continuous improvement program for information security is:
A) measuring processes and providing feedback. B) developing a service level agreement (SLA) for security. C) tying corporate security standards to a recognized international standard. D) ensuring regulatory compliance.
1. Right Answer: D Explanation: Awareness training would most likely result in any attempted tailgating being challenged by the authorized employee. The other choices are physical controls which by themselves would not be effective against tailgating.
2. Right Answer: D Explanation: Access and authorizations should be based on business needs. Data custodians implement the decisions made by data owners. Access and authorizations are not to be assigned by cloning existing user accounts or determining hierarchical preferences. By cloning, users may obtain more access rights and privileges than is required to do their job. Hierarchical preferences may be based on individual preferences and not on business needs.
3. Right Answer: A Explanation: A well-organized information security awareness course informs all employees of existing security policies, the importance of following safe practices for data security and the need to report any possible security incidents to the appropriate individuals in the organization. The other choices would not be the likely outcomes.
4. Right Answer: B Explanation:
5. Right Answer: A Explanation: If an organization is unable to take measurements of its security program that can be fed back to improve it, then continuous improvement is not possible. Although desirable, developing a service level agreement (SLA) for security, tying corporate security standards to a recognized international standard and ensuring regulatory compliance are not critical components of a continuous improvement program.