1. Which of the following is MOST effective for securing wireless networks as a point of entry into a corporate network?
A) Boundary router B) Strong encryption C) Internet-facing firewall D) Intrusion detection system (IDS)
2. Which of the following is MOST effective in protecting against the attack technique known as phishing?
A) Firewall blocking rules B) Up-to-date signature files C) Security awareness training D) Intrusion detection monitoring
3. When a newly installed system for synchronizing passwords across multiple systems and platforms abnormally terminates without warning, which of the following should automatically occur FIRST?
A) The firewall should block all inbound traffic during the outage B) All systems should block new logins until the problem is corrected C) Access control should fall back to no synchronized mode D) System logs should record all user activity for later analysis
4. Which of the following is the MOST important risk associated with middleware in a client-server environment?
A) Server patching may be prevented B) System backups may be incomplete C) System integrity may be affected D) End-user sessions may be hijacked
5. An outsource service provider must handle sensitive customer information. Which of the following is MOST important for an information security manager to know?
A) Security in storage and transmission of sensitive data B) Provider's level of compliance with industry standards C) Security technologies in place at the facility D) Results of the latest independent security review
1. Right Answer: B Explanation: Strong encryption is the most effective means of protecting wireless networks. Boundary routers, intrusion detection systems (IDSs) and firewalling the Internet would not be as effective.
2. Right Answer: C Explanation: Phishing relies on social engineering techniques. Providing good security awareness training will best reduce the likelihood of such an attack being successful. Firewall rules, signature files and intrusion detection system (IDS) monitoring will be largely unsuccessful at blocking this kind of attack.
3. Right Answer: C Explanation: The best mechanism is for the system to fall back to the original process of logging on individually to each system. Blocking traffic and new logins would be overly restrictive to the conduct of business, while recording all user activity would add little value.
4. Right Answer: C Explanation: The major risk associated with middleware in a client-server environment is that system integrity may be adversely affected because of the very purpose of middleware, which is intended to support multiple operating environments interacting concurrently. Lack of proper software to control portability of data or programs across multiple platforms could result in a loss of data or program integrity. All other choices are less likely to occur.
5. Right Answer: A Explanation: How the outsourcer protects the storage and transmission of sensitive information will allow an information security manager to understand how sensitive data will be protected. Choice B is an important but secondary consideration. Choice C is incorrect because security technologies are not the only components that protect sensitive customer information. Choice D is incorrect because an independent security review may not include analysis of how sensitive customer information would be protected.