CISM—Certified Information Security Manager - Part 184

Mary Smith

Thu, 16 Apr 2026

1. Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?

A) Tests are scheduled on weekends
B) Network IP addresses are predefined
C) Equipment at the hot site is identical
D) Business management actively participates



2. At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor's hot site facility?

A) Erase data and software from devices
B) Conduct a meeting to evaluate the test
C) Complete an assessment of the hot site provider
D) Evaluate the results from all test scripts



3. An incident response policy must contain:

A) updated call trees.
B) escalation criteria.
C) press release templates.
D) critical backup files inventory.



4. The BEST approach in managing a security incident involving a successful penetration should be to:

A) allow business processes to continue during the response.
B) allow the security team to assess the attack profile.
C) permit the incident to continue to trace the source.
D) examine the incident response process for deficiencies.



5. A post-incident review should be conducted by an incident management team to determine:

A) relevant electronic evidence.
B) lessons learned.
C) hacker's identity.
D) areas affected.



1. Right Answer: D
Explanation: Disaster recovery testing requires the allocation of sufficient resources to be successful. Without the support of management, these resources will not be available, and testing will suffer as a result. Testing on weekends can be advantageous but this is not the most important choice. As vendor-provided hot sites are in a state of constant change, it is not always possible to have network addresses defined in advance. Although it would be ideal to provide for identical equipment at the hot site, this is not always practical as multiple customers must be served and equipment specifications will therefore vary.

2. Right Answer: A
Explanation: For security and privacy reasons, all organizational data and software should be erased prior to departure. Evaluations can occur back at the office after everyone is rested, and the overall results can be discussed and compared objectively.

3. Right Answer: B
Explanation: Escalation criteria, indicating the circumstances under which specific actions are to be undertaken, should be contained within an incident response policy. Telephone trees, press release templates and lists of critical backup files are too detailed to be included in a policy document.

4. Right Answer: A
Explanation: Since information security objectives should always be linked to the objectives of the business, it is imperative that business processes be allowed to continue whenever possible. Only when there is no alternative should these processes be interrupted. Although it is important to allow the security team to assess the characteristics of an attack, this is subordinate to the needs of the business. Permitting an incident to continue may expose the organization to additional damage. Evaluating the incident management process for deficiencies is valuable but it, too, is subordinate to allowing business processes to continue.

5. Right Answer: B
Explanation: Post-incident reviews are beneficial in determining ways to improve the response process through lessons learned from the attack. Evaluating the relevance of evidence, who launched the attack or what areas were affected are not the primary purposes for such a meeting because these should have been already established during the response to the incident.
