CISM—Certified Information Security Manager - Part 81

Mary Smith

Sat, 18 Apr 2026

1. Which of the following is the BEST method for ensuring that security procedures and guidelines are known and understood?

A) Periodic focus group meetings
B) Periodic compliance reviews
C) Computer-based certification training (CBT)
D) Employee's signed acknowledgement



2. When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:

A) right-to-terminate clause.
B) limitations of liability.
C) service level agreement (SLA).
D) financial penalties clause.



3. Which of the following is the BEST metric for evaluating the effectiveness of an intrusion detection mechanism?

A) Number of attacks detected
B) Number of successful attacks
C) Ratio of false positives to false negatives
D) Ratio of successful to unsuccessful attacks



4. Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?

A) Patch management
B) Change management
C) Security baselines
D) Virus detection



5. Which of the following tools is MOST appropriate for determining how long a security project will take to implement?

A) Gantt chart
B) Waterfall chart
C) Critical path
D) Rapid Application Development (RAD)



1. Right Answer: C
Explanation: Using computer-based training (CBT) presentations with end-of-section reviews provides feedback on how well users understand what has been presented. Periodic compliance reviews are a good tool to identify problem areas but do not ensure that procedures are known or understood. Focus groups may or may not provide meaningful detail. Although a signed employee acknowledgement is good, it does not indicate whether the material has been read and/or understood.

2. Right Answer: C
Explanation: Service level agreements (SLAs) provide metrics to which outsourcing firms can be held accountable. This is more important than a limitation on the outsourcing firm's liability, a right-to-terminate clause or a hold-harmless agreement, which involves liabilities to third parties.

3. Right Answer: C
Explanation: The ratio of false positives to false negatives will indicate whether an intrusion detection system (IDS) is properly tuned to minimize the number of false alarms while, at the same time, minimizing the number of omissions (missed attacks). The number of attacks detected, the number of successful attacks or the ratio of successful to unsuccessful attacks would not indicate whether the IDS is properly configured.
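To make the metric in question 3 concrete, the following is an added example (not part of the original question set): it scores a set of IDS alerts against analyst-confirmed ground truth, builds the confusion matrix, and reports the false-positive to false-negative ratio alongside the detection and false-alarm rates. The event identifiers, the ground-truth labels and the four tuning profiles are constructed sample data, chosen to show the caveat a practitioner would want: two profiles can share the same FP:FN ratio while one misses three times as many attacks, so the ratio should be read together with the absolute counts.

```python
from math import inf

# Constructed sample data (not from the page): a dozen logged events, four of
# which an analyst confirmed as real attacks. This is the ground truth the
# IDS alerts are scored against.
GROUND_TRUTH = {
    "e01": False, "e02": False, "e03": True,  "e04": False,
    "e05": False, "e06": True,  "e07": False, "e08": False,
    "e09": True,  "e10": False, "e11": True,  "e12": False,
}

# Constructed alert sets produced by the same IDS under four hypothetical
# tuning profiles (event ids the sensor raised an alert on).
ALERTS_BY_PROFILE = {
    "loose":    {"e01", "e02", "e03", "e04", "e05", "e06", "e07", "e09"},
    "strict":   {"e01", "e03"},
    "balanced": {"e01", "e03", "e06", "e09"},
    "noisy":    {"e01", "e02", "e03", "e04"},
}


def confusion_matrix(truth, alerts):
    """Score a set of alerts against ground truth.

    truth:  event_id -> True if the event was a real attack
    alerts: set of event_ids the IDS alerted on (must be known events)
    Returns counts of true/false positives and negatives.
    """
    unknown = set(alerts) - truth.keys()
    if unknown:
        raise ValueError(f"alerts reference unknown events: {sorted(unknown)}")
    tp = fp = tn = fn = 0
    for event_id, is_attack in truth.items():
        alerted = event_id in alerts
        if is_attack and alerted:
            tp += 1          # attack, alerted: correct detection
        elif is_attack:
            fn += 1          # attack, no alert: an omission
        elif alerted:
            fp += 1          # benign, alerted: a false alarm
        else:
            tn += 1          # benign, no alert: correct silence
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn}


def fp_fn_ratio(cm):
    """The exam's metric: false positives per false negative (inf if no misses)."""
    return cm["fp"] / cm["fn"] if cm["fn"] else inf


def detection_rate(cm):
    """Share of real attacks that produced an alert (recall)."""
    attacks = cm["tp"] + cm["fn"]
    return cm["tp"] / attacks if attacks else 0.0


def false_alarm_rate(cm):
    """Share of benign events that produced an alert."""
    benign = cm["fp"] + cm["tn"]
    return cm["fp"] / benign if benign else 0.0


def score_profiles(truth=GROUND_TRUTH, alerts_by_profile=ALERTS_BY_PROFILE):
    """Return per-profile metrics so the tuning profiles can be compared."""
    report = {}
    for name, alerts in alerts_by_profile.items():
        cm = confusion_matrix(truth, alerts)
        report[name] = {
            **cm,
            "fp_fn_ratio": fp_fn_ratio(cm),
            "detection_rate": detection_rate(cm),
            "false_alarm_rate": false_alarm_rate(cm),
        }
    return report


if __name__ == "__main__":
    for name, m in score_profiles().items():
        print(f"{name:9s} TP={m['tp']} FP={m['fp']} FN={m['fn']} TN={m['tn']} "
              f"FP:FN={m['fp_fn_ratio']:.2f} detect={m['detection_rate']:.2f} "
              f"false_alarm={m['false_alarm_rate']:.2f}")
```

On this sample the "balanced" and "noisy" profiles both score an FP:FN ratio of 1.0, yet "balanced" detects three of the four attacks while "noisy" detects one, which is why the ratio is best reported next to the detection rate and the raw counts rather than on its own. The ground truth is the expensive part in practice: it comes from analyst triage of a sample period, or from a controlled test where known attack traffic is replayed against the sensor.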

4. Right Answer: B
Explanation: Change management controls the process of introducing changes to systems. This is often the point at which a weakness will be introduced. Patch management involves the correction of software weaknesses and would necessarily follow change management procedures. Security baselines provide minimum recommended settings and do not prevent introduction of control weaknesses. Virus detection is an effective tool but primarily focuses on malicious code from external sources, and only for those applications that are online.

5. Right Answer: C
Explanation: The critical path method is most effective for determining how long a project will take. A waterfall chart is used to understand the flow of one process into another. A Gantt chart facilitates the proper estimation and allocation of resources. The Rapid Application Development (RAD) method is used as an aid to facilitate and expedite systems development.
