CISM—Certified Information Security Manager - Part 93

Mary Smith

Sat, 18 Apr 2026

1. Which of the following is a key area of the ISO 27001 framework?

A) Operational risk assessment
B) Financial crime metrics
C) Capacity management
D) Business continuity management



2. The MAIN goal of an information security strategic plan is to:

A) develop a risk assessment plan.
B) develop a data protection plan.
C) protect information assets and resources.
D) establish security governance.



3. Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?

A) Encrypting first by receiver's private key and second by sender's public key
B) Encrypting first by sender's private key and second by receiver's public key
C) Encrypting first by sender's private key and second decrypting by sender's public key
D) Encrypting first by sender's public key and second by receiver's private key



4. The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:

A) change the root password of the system.
B) implement multifactor authentication.
C) rebuild the system from the original installation medium.
D) disconnect the mail server from the network.



5. The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:

A) verify the decision with the business units.
B) check the system's risk analysis.
C) recommend update after post implementation review.
D) request an audit review.



1. Right Answer: D
Explanation: Operational risk assessment, financial crime metrics and capacity management can complement the information security framework, but only business continuity management is a key component.

2. Right Answer: C
Explanation: The main goal of an information security strategic plan is to protect information assets and resources. Developing a risk assessment plan and a data protection plan, and establishing security governance, refer to tools utilized in the security strategic plan that achieve the protection of information assets and resources.

3. Right Answer: B
Explanation: Encrypting by the sender's private key ensures authentication. By being able to decrypt with the sender's public key, the receiver would know that the message was sent by the sender only, and the sender cannot deny/repudiate the message. By encrypting second with the receiver's public key, only the receiver will be able to decrypt the message, and confidentiality is assured. The receiver's private key is private to the receiver and the sender cannot have it for encryption. Similarly, the receiver will not have the private key of the sender to decrypt the second-level encryption. In the case of encrypting first by the sender's private key and second decrypting by the sender's public key, confidentiality is not ensured, since the message can be decrypted by anyone using the sender's public key. The receiver's private key would not be available to the sender for second-level encryption. Similarly, the sender's private key would not be available to the receiver for decrypting the message.

4. Right Answer: C
Explanation: Rebuilding the system from the original installation medium is the only way to ensure all security vulnerabilities and potential stealth malicious programs have been destroyed. Changing the root password of the system does not ensure the integrity of the mail server. Implementing multifactor authentication is an after-the-fact measure and does not clear existing security threats. Disconnecting the mail server from the network is an initial step, but does not guarantee security.

5. Right Answer: A
Explanation: Verifying the decision with the business units is the correct answer because it is not the IT function's responsibility to decide whether a new application modifies business processes. Choice B does not consider the change in the applications. Choices C and D delay the update.