
CISM—Certified Information Security Manager - Part 54

Mary Smith

Thu, 16 Apr 2026

1. Attackers who exploit cross-site scripting vulnerabilities take advantage of:

A) a lack of proper input validation controls.
B) weak authentication controls in the web application layer.
C) flawed cryptographic secure sockets layer (SSL) implementations and short key lengths.
D) implicit web application trust relationships.



2. Which of the following would BEST address the risk of data leakage?

A) File backup procedures
B) Database integrity checks
C) Acceptable use policies
D) Incident response procedures



3. A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?

A) Access control policy
B) Data classification policy
C) Encryption standards
D) Acceptable use policy



4. What is the BEST technique to determine which security controls to implement with a limited budget?

A) Risk analysis
B) Annualized loss expectancy (ALE) calculations
C) Cost-benefit analysis
D) Impact analysis



5. A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited. What process should the information security manager deploy to determine the necessity for remedial action?

A) A penetration test
B) A security baseline review
C) A risk assessment
D) A business impact analysis (BIA)



1. Right Answer: A
Explanation: Cross-site scripting attacks inject malformed input. Attackers who exploit weak application authentication controls can gain unauthorized access to applications, and this has little to do with cross-site scripting vulnerabilities. Attackers who exploit flawed cryptographic secure sockets layer (SSL) implementations and short key lengths can sniff network traffic and crack keys to gain unauthorized access to information; this also has little to do with cross-site scripting vulnerabilities. Web application trust relationships do not relate directly to the attack.

2. Right Answer: C
Explanation: Acceptable use policies are the best measure for preventing the unauthorized disclosure of confidential information. The other choices do not address confidentiality of information.

3. Right Answer: B
Explanation: Data classification policies define the level of protection to be provided for each category of data. Without this mandated ranking of degree of protection, it is difficult to determine what access controls or levels of encryption should be in place. An acceptable use policy is oriented more toward the end user and, therefore, would not specifically address what controls should be in place to adequately protect information.

4. Right Answer: C
Explanation: Cost-benefit analysis is performed to ensure that the cost of a safeguard does not outweigh its benefit and that the best safeguard is provided for the cost of implementation. Risk analysis identifies the risks and suggests appropriate mitigation. The annualized loss expectancy (ALE) is a subset of a cost-benefit analysis. Impact analysis would indicate how much could be lost if a specific threat occurred.

5. Right Answer: C
Explanation: A risk assessment will identify the business impact of such a vulnerability being exploited and is, thus, the correct process. A penetration test or a security baseline review may identify the vulnerability but not the remedy. A business impact analysis (BIA) will more likely identify the impact of the loss of the mail server.
