
CISM—Certified Information Security Manager - Part 89

Mary Smith

Sat, 18 Apr 2026


1. Primary direction on the impact of compliance with new regulatory requirements that may lead to major application system changes should be obtained from the:

A) corporate internal auditor.
B) system developers/analysts.
C) key business process owners.
D) corporate legal counsel.



2. Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise?

A) Ease of installation
B) Product documentation
C) Available support
D) System overhead



3. Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?

A) Never use open source tools
B) Focus only on production servers
C) Follow a linear process for attacks
D) Do not interrupt production processes



4. Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?

A) Stress testing
B) Patch management
C) Change management
D) Security baselines



5. The advantage of Virtual Private Network (VPN) tunneling for remote users is that it:

A) helps ensure that communications are secure.
B) increases security between multi-tier systems.
C) allows passwords to be changed less frequently.
D) eliminates the need for secondary authentication.



1. Right Answer: C
Explanation: Business process owners are in the best position to understand how new regulatory requirements may affect their systems. Legal counsel and infrastructure management, as well as internal auditors, would not be in as good a position to fully understand all ramifications.

2. Right Answer: D
Explanation: Monitoring products can impose a significant impact on system overhead for servers and networks. Product documentation, telephone support and ease of installation, while all important, would be secondary.

3. Right Answer: D
Explanation: The first rule of scanning for security exposures is to not break anything. This includes the interruption of any running processes. Open source tools are an excellent resource for performing scans. Scans should focus on both the test and production environments since, if compromised, the test environment could be used as a platform from which to attack production servers. Finally, the process of scanning for exposures is more of a spiral process than a linear process.

4. Right Answer: C
Explanation: Change management controls the process of introducing changes to systems to ensure that unintended changes are not introduced. Patch management involves the correction of software weaknesses and helps ensure that newly identified exploits are mitigated in a timely fashion. Security baselines provide minimum recommended settings. Stress testing ensures that there are no scalability problems.

5. Right Answer: A
Explanation: Virtual Private Network (VPN) tunneling for remote users provides an encrypted link that helps ensure secure communications. It does not affect password change frequency, nor does it eliminate the need for secondary authentication or affect security within the internal network.
