1. Which of the following is MOST effective in preventing security weaknesses in operating systems?
A) Patch management B) Change management C) Security baselines D) Configuration management
2. When a proposed system change violates an existing security standard, the conflict would be BEST resolved by:
A) calculating the residual risk. B) enforcing the security standard. C) redesigning the system change. D) implementing mitigating controls.
3. Who can BEST approve plans to implement an information security governance framework?
A) Internal auditor B) Information security management C) Steering committee D) Infrastructure management
4. Which of the following is the MOST effective solution for preventing internal users from modifying sensitive and classified information?
A) Baseline security standards B) System access violation logs C) Role-based access controls D) Exit routines
5. Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?
A) Biometric authentication B) Embedded steganographic C) Two-factor authentication D) Embedded digital signature
1. Right Answer: A Explanation: Patch management corrects discovered weaknesses by applying a correction (a patch) to the original program code. Change management controls the process of introducing changes to systems. Security baselines provide minimum recommended settings. Configuration management controls the updates to the production environment.
2. Right Answer: D Explanation:
3. Right Answer: C Explanation: Senior management that is part of the security steering committee is in the best position to approve plans to implement an information security governance framework. An internal auditor is secondary to the authority and influence of senior management. Information security management should not have the authority to approve the security governance framework. Infrastructure management will not be in the best position since it focuses more on the technologies than on the business.
4. Right Answer: C Explanation: Role-based access controls help ensure that users only have access to files and systems appropriate for their job role. Violation logs are detective and do not prevent unauthorized access. Baseline security standards do not prevent unauthorized access. Exit routines are dependent upon appropriate role-based access.
5. Right Answer: D Explanation: Digital signatures ensure that transmitted information can be attributed to the named sender; this provides nonrepudiation. Steganographic techniques are used to hide messages or data within other files. Biometric and two-factor authentication are not generally used to protect Internet data transmissions.