1. Which of the following is the MOST important item to include when developing web hosting agreements with third-party providers?
A) Termination conditions B) Liability limits C) Service levels D) Privacy restrictions
2. The BEST metric for evaluating the effectiveness of a firewall is the:
A) number of attacks blocked. B) number of packets dropped. C) average throughput rate. D) number of firewall rules.
3. Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?
A) Patch management B) Change management C) Security baselines D) Acquisition management
4. The MAIN advantage of implementing automated password synchronization is that it:
A) reduces overall administrative workload. B) increases security between multi-tier systems. C) allows passwords to be changed less frequently. D) reduces the need for two-factor authentication.
5. Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?
A) SWOT analysis B) Waterfall chart C) Gap analysis D) Balanced scorecard
1. Right Answer: C Explanation: Service levels are key to holding third parties accountable for adequate delivery of services. This is more important than termination conditions, privacy restrictions or liability limitations.
2. Right Answer: A Explanation: The number of attacks blocked indicates whether a firewall is performing as intended. The number of packets dropped does not necessarily indicate the level of effectiveness. The number of firewall rules and the average throughput rate are not effective measurements.
3. Right Answer: A Explanation: Patch management involves the correction of software weaknesses and helps ensure that newly identified exploits are mitigated in a timely fashion. Change management controls the process of introducing changes to systems. Security baselines provide minimum recommended settings. Acquisition management controls the purchasing process.
4. Right Answer: A Explanation: Automated password synchronization reduces the overall administrative workload of resetting passwords. It does not increase security between multi-tier systems, allow passwords to be changed less frequently or reduce the need for two-factor authentication.
5. Right Answer: D Explanation: The balanced scorecard is most effective for evaluating the degree to which information security objectives are being met. A SWOT analysis addresses strengths, weaknesses, opportunities and threats. Although useful, a SWOT analysis is not as effective a tool. Similarly, a gap analysis, while useful for identifying the difference between the current state and the desired future state, is not the most appropriate tool. A waterfall chart is used to understand the flow of one process into another.