CISM—Certified Information Security Manager - Part 195

Mary Smith

Thu, 16 Apr 2026

1. In addition to backup data, which of the following is the MOST important to store offsite in the event of a disaster?

A) Copies of critical contracts and service level agreements (SLAs)
B) Copies of the business continuity plan
C) Key software escrow agreements for the purchased systems
D) List of emergency numbers of service providers



2. An organization has learned of a security breach at another company that utilizes similar technology. The FIRST thing the information security manager should do is:

A) assess the likelihood of incidents from the reported cause.
B) discontinue the use of the vulnerable technology.
C) report to senior management that the organization is not affected.
D) remind staff that no similar security breaches have taken place.



3. Which of the following is the MOST important consideration for an organization interacting with the media during a disaster?

A) Communicating specially drafted messages by an authorized person
B) Refusing to comment until recovery
C) Referring the media to the authorities
D) Reporting the losses and recovery strategy to the media



4. During the security review of organizational servers, it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:

A) copy sample files as evidence.
B) remove access privileges to the folder containing the data.
C) report this situation to the data owner.
D) train the HR team on properly controlling file permissions.



5. If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:

A) obtaining evidence as soon as possible.
B) preserving the integrity of the evidence.
C) disconnecting all IT equipment involved.
D) reconstructing the sequence of events.



1. Right Answer: B
Explanation: Without a copy of the business continuity plan, recovery efforts would be severely hampered or may not be effective. All other choices would not be as immediately critical as the business continuity plan itself. The business continuity plan would contain a list of the emergency numbers of service providers.

2. Right Answer: A
Explanation: The security manager should first assess the likelihood of a similar incident occurring, based on available information. Discontinuing the use of the vulnerable technology would not necessarily be practical since it would likely be needed to support the business. Reporting to senior management that the organization is not affected due to controls already in place would be premature until the information security manager can first assess the impact of the incident. Until this has been researched, it is not certain that no similar security breaches have taken place.

3. Right Answer: A
Explanation: Proper messages need to be sent quickly through a specific identified person so that there are no rumors or statements made that may damage reputation. Choices B, C and D are not recommended until the message to be communicated is made clear and the spokesperson has already spoken to the media.

4. Right Answer: C
Explanation: The data owner should be notified prior to any action being taken. Copying sample files as evidence is not advisable since it breaches confidentiality requirements on the file. Removing access privileges to the folder containing the data should be done by the data owner or by the security manager in consultation with the data owner; however, this would be done only after formally reporting the incident. Training the human resources (HR) team on properly controlling file permissions is the method to prevent such incidents in the future, but should take place once the incident reporting and investigation activities are completed.

5. Right Answer: B
Explanation: The integrity of evidence should be kept, following the appropriate forensic techniques to obtain the evidence and a chain of custody procedure to maintain the evidence (in order to be accepted in a court of law). All other options are part of the investigative procedure, but they are not as important as preserving the integrity of the evidence.
