1. Secure customer use of an e-commerce application can BEST be accomplished through:
A) data encryption. B) digital signatures. C) strong passwords. D) two-factor authentication.
2. What is the BEST defense against a Structured Query Language (SQL) injection attack?
A) Regularly updated signature files B) A properly configured firewall C) An intrusion detection system D) Strict controls on input fields
3. Which of the following is the MOST important consideration when implementing an intrusion detection system (IDS)?
A) Tuning B) Patching C) Encryption D) Packet filtering
4. Which of the following is the MOST important consideration when securing customer credit card data acquired by a point-of-sale (POS) cash register?
A) Authentication B) Hardening C) Encryption D) Nonrepudiation
5. Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?
A) Log all account usage and send it to their manager B) Establish predetermined automatic expiration dates C) Require managers to e-mail security when the user leaves D) Ensure each individual has signed a security acknowledgement
1. Right Answer: A Explanation: Encryption is the preferred method of ensuring confidentiality in customer communications with an e-commerce application; in practice this means the session between the customer's browser and the server is protected with TLS, so credentials, card numbers and order details are not readable in transit. Strong passwords by themselves are not sufficient, since the data could still be intercepted on the network. Two-factor authentication strengthens the proof of the customer's identity but does not protect the data being exchanged, and in most business-to-customer (B-to-C) web applications it is not practical to require of every customer. Digital signatures provide integrity and proof of origin for a message rather than a confidential channel, and issuing signing credentials to every customer is likewise not practical.
2. Right Answer: D Explanation: Structured Query Language (SQL) injection supplies crafted text in a data entry field on a web page (a login form, a search box, a URL parameter) so that, when the application concatenates that text into a SQL statement, part of the input is parsed as SQL rather than treated as data. The classic case is a string such as ' OR '1'='1 placed in a password field so that the authentication query returns a row even though no valid password was entered. Among the options given, the best defense is strict control of what each input field accepts (type, length, character set and format), so that input carrying SQL syntax is rejected before it reaches the database. In practice, input validation should be paired with parameterized queries (prepared statements), which keep the data separate from the statement text and are the primary control against this attack. Code reviews should confirm that these controls are in place and that no statement is built from unvalidated input; automated scanners are available to test for such weaknesses. Signature files, a firewall and an intrusion detection system operate at the network or host level and do not stop a well-formed HTTP request carrying malicious field values from reaching the application.
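The following is an added example, not part of the original question set, showing the two forms of the login check described above: a statement built by string concatenation, which the ' OR '1'='1 input turns into a query that always matches, beside a version that applies a strict edit to the username field and binds both values as parameters. The user table, the username pattern and the password length limit are assumptions made for this example; a real system would also store password hashes rather than the plaintext used here to keep the demonstration short.

```python
import re
import sqlite3

# Constructed in-memory user table for the demonstration (not real data).
# Plaintext passwords are used only to keep the example short; real systems
# store password hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by concatenation: attacker-supplied text becomes SQL.
    With password = "' OR '1'='1" the WHERE clause becomes
    username = '...' AND password = '' OR '1'='1, which matches every row."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


# Strict edit on the username field (assumed policy for this example):
# 3 to 32 characters drawn from letters, digits, dot, underscore and hyphen.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{3,32}$")
MAX_PASSWORD_LEN = 128  # assumed limit; bounds what reaches the database


def validate_username(username):
    """Reject anything outside the allowed character set and length."""
    return bool(USERNAME_RE.fullmatch(username))


def login_hardened(conn, username, password):
    """Apply the field edits first, then bind the values as query parameters
    so the database never parses them as SQL."""
    if not validate_username(username):
        return False
    if not 1 <= len(password) <= MAX_PASSWORD_LEN:
        return False
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0
```

Running both functions against the same injected password shows the difference: the concatenated version grants access to an unknown user, the parameterized version compares the string literally and denies it.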
3. Right Answer: A Explanation: If an intrusion detection system (IDS) is not properly tuned it will generate an unacceptable number of false positives and/or fail to sound an alarm when an actual attack is underway. Patching is more related to operating system hardening, while encryption and packet filtering would not be as relevant.
4. Right Answer: C Explanation: Cardholder data should be encrypted using strong encryption techniques from the moment it is captured at the terminal and wherever it is stored or transmitted afterward. Hardening of the POS system is secondary in importance, while nonrepudiation is not relevant to protecting the data. Authenticating the point-of-sale (POS) terminal takes place before the card information is acquired and does not protect the data itself.
5. Right Answer: B Explanation: Predetermined expiration dates, set when the account is created, are the most effective means of removing system access for temporary users, because the removal does not depend on anyone remembering to act when the engagement ends. Relying on managers to promptly send termination notices cannot be counted on, logging account usage only shows activity after the fact rather than preventing it, and requiring each individual to sign a security acknowledgement would have little effect in this case.
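As an added example (not part of the original answer key), the control described above modelled in code: a temporary account cannot be provisioned without an expiration date, the date is fixed at creation and capped by policy, a scheduled sweep disables anything past its date, and an audit check flags temporary accounts that somehow have no expiration at all. The 90-day cap and the account record layout are assumptions for this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Assumed policy value for this example (not from the original page):
# a temporary account may not be valid for more than 90 days without
# re-approval.
MAX_TEMP_ACCOUNT_DAYS = 90


@dataclass
class Account:
    username: str
    temporary: bool
    expires_on: Optional[date]   # None means no expiration was set
    enabled: bool = True


class ProvisioningError(ValueError):
    pass


def provision_temporary(username: str, start: date, contract_days: int) -> Account:
    """Create a temporary account whose expiration is fixed at creation time.
    The duration is capped; anything longer needs a fresh approval later."""
    if contract_days <= 0:
        raise ProvisioningError("contract length must be positive")
    days = min(contract_days, MAX_TEMP_ACCOUNT_DAYS)
    return Account(username, True, start + timedelta(days=days))


def disable_expired(accounts: List[Account], today: date) -> List[str]:
    """Scheduled sweep: disable every enabled account whose expiration date has
    passed (the account still works on the expiration day itself).
    Returns the usernames disabled in this run."""
    disabled = []
    for acct in accounts:
        if acct.enabled and acct.expires_on is not None and acct.expires_on < today:
            acct.enabled = False
            disabled.append(acct.username)
    return disabled


def temporary_without_expiry(accounts: List[Account]) -> List[str]:
    """Audit check: a temporary account with no expiration date is a control
    gap, because nothing will ever remove its access automatically."""
    return [a.username for a in accounts if a.temporary and a.expires_on is None]
```

The sweep would run from a scheduler (cron, or the identity platform's own job runner); the audit check is what a reviewer would run to confirm the control has no exceptions.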