
CISM—Certified Information Security Manager - Part 86

Mary Smith

Sat, 18 Apr 2026


1. Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?

A) Patch management
B) Change management
C) Security metrics
D) Version control



2. An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution?

A) Rewrite the application to conform to the upgraded operating system
B) Compensate for not installing the patch with mitigating controls
C) Alter the patch to allow the application to run in a privileged state
D) Run the application on a test platform; tune production to allow patch and application



3. Which of the following is MOST important to the success of an information security program?

A) Security awareness training
B) Achievable goals and objectives
C) Senior management sponsorship
D) Adequate start-up budget and staffing



4. Which of the following is MOST important for a successful information security program?

A) Adequate training on emerging security technologies
B) Open communication with key process owners
C) Adequate policies, standards and procedures
D) Executive management commitment



5. Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?

A) Screened subnets
B) Information classification policies and procedures
C) Role-based access controls
D) Intrusion detection system (IDS)



1. Right Answer: B
Explanation: Change management controls the process of introducing changes to systems. Failure to have good change management may introduce new weaknesses into otherwise secure systems. Patch management corrects discovered weaknesses by applying a correction to the original program code. Security metrics provide a means for measuring effectiveness. Version control is a subset of change management.

2. Right Answer: B
Explanation: Since the noncritical OS patch would break a critical application, the best option is to identify a mitigating control that provides an equivalent level of security without applying the patch. Business requirements must be considered: the patch should not be applied without regard for the application, and rewriting a critical application to accommodate a noncritical patch is not proportionate to the risk being addressed. Altering the OS patch so that the application runs in a privileged state may introduce new security weaknesses. Finally, running a production application on a test platform is not acceptable, since it would mean running a critical production workload on a platform that is not subject to the same level of security controls.

3. Right Answer: C
Explanation: Sufficient senior management support is the most important factor for the success of an information security program. Security awareness training, although important, is secondary. Achievable goals and objectives as well as having adequate budgeting and staffing are important factors, but they will not ensure success if senior management support is not present.

4. Right Answer: D
Explanation: Sufficient executive management support is the most important factor for the success of an information security program. Open communication, adequate training, and good policies and procedures, while important, are not as important as support from top management; they will not ensure success if senior management support is not present.

5. Right Answer: A
Explanation: Screened subnets are demilitarized zones (DMZs) and are oriented toward preventing attacks on an internal network by external users, so they address the external threat named in the question. Information classification policies and procedures ultimately lead to better protection, but by themselves they do not prevent modification. Role-based access controls help ensure that authorized users have access only to the files and systems appropriate for their job role, but they are aimed at internal users rather than at keeping external parties away from the database. Intrusion detection systems (IDS) are useful for detecting invalid access attempts, but they do not prevent them.
