CISM—Certified Information Security Manager - Part 183

Mary Smith

Mon, 20 Apr 2026

1. A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?

A) Exclusive use of the hot site is limited to six weeks
B) The hot site may have to be shared with other customers
C) The time of declaration determines site access priority
D) The provider services all major companies in the area



2. Which of the following actions should be taken when an online trading company discovers a network attack in progress?

A) Shut off all network access points
B) Dump all event logs to removable media
C) Isolate the affected network segment
D) Enable trace logging on all events



3. The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:

A) firewalls.
B) bastion hosts.
C) decoy files.
D) screened subnets.



4. The FIRST priority when responding to a major security incident is:

A) documentation.
B) monitoring.
C) restoration.
D) containment.



5. Which of the following is the MOST important to ensure a successful recovery?

A) Backup media is stored offsite
B) Recovery location is secure and accessible
C) More than one hot site is available
D) Network alternate links are regularly tested



1. Right Answer: D
Explanation: Sharing a hot site facility is sometimes necessary in the case of a major disaster. Also, first come, first served usually determines priority of access based on general industry practice. Access to a hot site is not indefinite; the recovery plan should address a long-term outage. In case of a disaster affecting a localized geographical area, the vendor's facility and capabilities could be insufficient for all of its clients, which will all be competing for the same resource. Preference will likely be given to the larger corporations, possibly delaying the recovery of a branch that will likely be smaller than other clients based locally.

2. Right Answer: C
Explanation: Isolating the affected network segment will mitigate the immediate threat while allowing unaffected portions of the business to continue processing. Shutting off all network access points would create a denial of service that could result in loss of revenue. Dumping event logs and enabling trace logging, while perhaps useful, would not mitigate the immediate threat posed by the network attack.

3. Right Answer: C
Explanation: Decoy files, often referred to as honeypots, are the best choice for diverting a hacker away from critical files and alerting security of the hacker's presence. Firewalls and bastion hosts attempt to keep the hacker out, while screened subnets or demilitarized zones (DMZs) provide a middle ground between the trusted internal network and the external untrusted Internet.

4. Right Answer: D
Explanation: The first priority in responding to a security incident is to contain it to limit the impact. Documentation, monitoring and restoration are all important, but they should follow containment.

5. Right Answer: A
Explanation: Unless backup media are available, all other preparations become meaningless. Recovery site location and security are important, but would not prevent recovery in a disaster situation. Having a secondary hot site is also important, but not as important as having backup media available. Similarly, alternate data communication lines should be tested regularly and successfully but, again, this is not as critical.
