1. An organization plans to outsource its customer relationship management (CRM) to a third-party service provider. Which of the following should the organization do FIRST?
A) Request that the third-party provider perform background checks on their employees.
B) Perform an internal risk assessment to determine needed controls.
C) Audit the third-party provider to evaluate their security controls.
D) Perform a security assessment to detect security vulnerabilities.
2. Which of the following would raise security awareness among an organization's employees?
A) Distributing industry statistics about security incidents
B) Monitoring the magnitude of incidents
C) Encouraging employees to behave in a more conscious manner
D) Continually reinforcing the security policy
3. Which of the following is the MOST appropriate method of ensuring password strength in a large organization?
A) Attempt to reset several passwords to weaker values
B) Install code to capture passwords for periodic audit
C) Sample a subset of users and request their passwords for review
D) Review general security settings on each platform
4. What is the MOST cost-effective method of identifying new vendor vulnerabilities?
A) External vulnerability reporting sources
B) Periodic vulnerability assessments performed by consultants
C) Intrusion prevention software
D) Honeypots located in the DMZ
5. Which of the following is the BEST approach for improving information security management processes?
A) Conduct periodic security audits.
B) Perform periodic penetration testing.
C) Define and monitor security metrics.
D) Survey business units for feedback.
1. Right Answer: B Explanation: An internal risk assessment should be performed to identify the risk and determine needed controls. A background check should be a standard requirement for the service provider. Audit objectives should be determined from the risk assessment results. Security assessment does not cover the operational risks.
2. Right Answer: D Explanation: Employees must be continually made aware of the policy and expectations of their behavior. Choice A would have little relevant bearing on the employee's behavior. Choice B does not involve the employees. Choice C could be an aspect of continual reinforcement of the security policy.
3. Right Answer: D Explanation: Reviewing general security settings on each platform will be the most efficient method for determining password strength while not compromising the integrity of the passwords. Attempting to reset several passwords to weaker values may not highlight certain weaknesses. Installing code to capture passwords for periodic audit, and sampling a subset of users and requesting their passwords for review, would compromise the integrity of the passwords.
4. Right Answer: A Explanation: External vulnerability reporting sources are the most cost-effective method of identifying these vulnerabilities. The cost involved in choices B and C would be much higher, especially if performed at regular intervals. Honeypots would not identify all vendor vulnerabilities. In addition, honeypots located in the DMZ can create a security risk if the production network is not well protected from traffic originating from compromised honeypots.
5. Right Answer: C Explanation: Defining and monitoring security metrics is a good approach to analyzing the performance of the security management process, since it establishes a baseline and evaluates performance against that baseline to identify opportunities for improvement. This is a systematic and structured approach to process improvement. Audits will identify deficiencies in established controls; however, they are not effective in evaluating overall performance for improvement. Penetration testing will only uncover technical vulnerabilities and cannot provide a holistic picture of information security management. Feedback from business units is subjective and not necessarily reflective of true performance.