CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 182
1. Which of the following is MOST relevant for an information security manager to communicate to IT operations?
A) The level of inherent risk
B) Vulnerability assessments
C) Threat assessments
D) The level of exposure
2. During the security review of a legacy business application, it was discovered that sensitive client data is not encrypted in storage, which does not comply with the organization's information security policy. Which of the following would be the information security manager's BEST course of action?
A) Implement encryption on client data.
B) Report the noncompliance to senior management.
C) Analyze compensating controls and assess the associated risk.
D) Determine the cost of encryption and discuss with the application owner.
3. Which of the following would BEST provide stakeholders with information to determine the appropriate response to a disaster?
A) Risk assessment
B) Vulnerability assessment
C) Business impact analysis
D) SWOT analysis
4. Which of the following should be determined FIRST when establishing a business continuity program?
A) Cost to rebuild information processing facilities
B) Incremental daily cost of the unavailability of systems
C) Location and cost of offsite recovery facilities
D) Composition and mission of individual recovery teams
5. A desktop computer that was involved in a computer security incident should be secured as evidence by:
A) disconnecting the computer from all power sources.
B) disabling all local user accounts except for one administrator.
C) encrypting local files and uploading exact copies to a secure server.
D) copying all files using the operating system (OS) to write-once media.
A) The level of inherent risk
B) Vulnerability assessments
C) Threat assessments
D) The level of exposure
2. During the security review of a legacy business application, it was discovered that sensitive client data is not encrypted in storage, which does not comply with the organization's information security policy. Which of the following would be the information security manager's BEST course of action?
A) Implement encryption on client data.
B) Report the noncompliance to senior management.
C) Analyze compensating controls and assess the associated risk.
D) Determine the cost of encryption and discuss with the application owner.
3. Which of the following would BEST provide stakeholders with information to determine the appropriate response to a disaster?
A) Risk assessment
B) Vulnerability assessment
C) Business impact analysis
D) SWOT analysis
4. Which of the following should be determined FIRST when establishing a business continuity program?
A) Cost to rebuild information processing facilities
B) Incremental daily cost of the unavailability of systems
C) Location and cost of offsite recovery facilities
D) Composition and mission of individual recovery teams
5. A desktop computer that was involved in a computer security incident should be secured as evidence by:
A) disconnecting the computer from all power sources.
B) disabling all local user accounts except for one administrator.
C) encrypting local files and uploading exact copies to a secure server.
D) copying all files using the operating system (OS) to write-once media.
1. Right Answer: B
Explanation:
2. Right Answer: C
Explanation:
3. Right Answer: C
Explanation:
4. Right Answer: B
Explanation: Prior to creating a detailed business continuity plan, it is important to determine the incremental daily cost of losing different systems. This will allow recovery time objectives to be determined which, in turn, affects the location and cost of offsite recovery facilities, and the composition and mission of individual recovery teams.Determining the cost to rebuild information processing facilities would not be the first thing to determine.
5. Right Answer: A
Explanation: To preserve the integrity of the desktop computer as an item of evidence, it should be immediately disconnected from all sources of power. Any attempt to access the information on the computer by copying, uploading or accessing it remotely changes the operating system (OS) and temporary files on the computer and invalidates it as admissible evidence.
Explanation:
2. Right Answer: C
Explanation:
3. Right Answer: C
Explanation:
4. Right Answer: B
Explanation: Prior to creating a detailed business continuity plan, it is important to determine the incremental daily cost of losing different systems. This will allow recovery time objectives to be determined which, in turn, affects the location and cost of offsite recovery facilities, and the composition and mission of individual recovery teams.Determining the cost to rebuild information processing facilities would not be the first thing to determine.
5. Right Answer: A
Explanation: To preserve the integrity of the desktop computer as an item of evidence, it should be immediately disconnected from all sources of power. Any attempt to access the information on the computer by copying, uploading or accessing it remotely changes the operating system (OS) and temporary files on the computer and invalidates it as admissible evidence.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment