CISM—Certified Information Security Manager - Part 49

Mary Smith

Wed, 15 Apr 2026

1. When performing an information risk analysis, an information security manager should FIRST:

A) establish the ownership of assets.
B) evaluate the risks to the assets.
C) take an asset inventory.
D) categorize the assets.



2. The PRIMARY benefit of performing an information asset classification is to:

A) link security requirements to business objectives.
B) identify controls commensurate to risk.
C) define access rights.
D) establish ownership.



3. Which of the following is MOST essential for a risk management program to be effective?

A) Flexible security budget
B) Sound risk baseline
C) New risks detection
D) Accurate risk reporting



4. Which of the following attacks is BEST mitigated by utilizing strong passwords?

A) Man-in-the-middle attack
B) Brute force attack
C) Remote buffer overflow
D) Rootkit



5. Phishing is BEST mitigated by which of the following?

A) Security monitoring software
B) Encryption
C) Two-factor authentication
D) User awareness



1. Right Answer: C
Explanation: Assets must be inventoried before any of the other choices can be performed.

2. Right Answer: B
Explanation: All choices are benefits of information classification. However, identifying controls that are proportional to the risk in all cases is the primary benefit of the process.

3. Right Answer: C
Explanation: All of these procedures are essential for implementing risk management. However, without identifying new risks, the other procedures will only be useful for a limited period.

4. Right Answer: B
Explanation: A brute force attack is normally successful against weak passwords, whereas strong passwords would not prevent any of the other attacks. Man-in-the-middle attacks intercept network traffic, which may carry passwords but is not itself protected by them. Remote buffer overflows rarely require a password to exploit a remote host. Rootkits hook into the operating system's kernel and therefore operate beneath any authentication mechanism.

5. Right Answer: D
Explanation: Phishing can best be detected by the user. It can be mitigated by appropriate user awareness. Security monitoring software would provide some protection, but would not be as effective as user awareness. Encryption and two-factor authentication would not mitigate this threat.
