
CISM—Certified Information Security Manager - Part 148

Mary Smith

Thu, 16 Apr 2026


1. Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?

A) Design
B) Implementation
C) Application security testing
D) Feasibility



2. Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

A) The business need for the function
B) The cost of the services
C) The vendor's reputation in the industry
D) The ability to meet deliverables



3. Which of the following BEST ensures timely and reliable access to services?

A) Authenticity
B) Recovery time objective
C) Availability
D) Nonrepudiation



4. Which of the following would be MOST effective in ensuring that information security is appropriately addressed in new systems?

A) Internal audit signs off on security prior to implementation
B) Information security staff perform compliance reviews before production begins
C) Information security staff take responsibility for the design of system security
D) Business requirements must include security objectives



5. An information security manager learns that a departmental system is out of compliance with the information security policy's password strength requirements. Which of the following should be the information security manager's FIRST course of action?

A) Submit the issue to the steering committee for escalation
B) Conduct an impact analysis to quantify the associated risk
C) Isolate the non-compliant system from the rest of the network
D) Request risk acceptance from senior management



1. Right Answer: D
Explanation: Information security should be considered at the earliest possible stage. Security requirements must be defined before you enter into design specification, although changes in design may alter these requirements later on. Security requirements defined during system implementation are typically costly add-ons that are frequently ineffective. Application security testing occurs after security has been implemented.

2. Right Answer: D
Explanation:

3. Right Answer: C
Explanation: Reference https://www.isaca.org/Knowledge-Center/Documents/Glossary/glossary.pdf

4. Right Answer: D
Explanation:

5. Right Answer: C
Explanation:
