CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 191
1. What is the FIRST action an information security manager should take when a company laptop is reported stolen?
A) Evaluate the impact of the information loss
B) Update the corporate laptop inventory
C) Ensure compliance with reporting procedures
D) Disable the user account immediately
2. Which of the following actions should lake place immediately after a security breach is reported to an information security manager?
A) Confirm the incident
B) Determine impact
C) Notify affected stakeholders
D) Isolate the incident
3. When designing the technical solution for a disaster recovery site, the PRIMARY factor that should be taken into consideration is the:
A) services delivery objective.
B) recovery time objective (RTO).
C) recovery window.
D) maximum tolerable outage (MTO).
4. In designing a backup strategy that will be consistent with a disaster recovery strategy, the PRIMARY factor to be taken into account will be the:
A) volume of sensitive data.
B) recovery point objective (RPO).
C) recovery' time objective (RTO).
D) interruption window.
5. An intrusion detection system (IDS) should:
A) run continuously
B) ignore anomalies
C) require a stable, rarely changed environment
D) be located on the network
A) Evaluate the impact of the information loss
B) Update the corporate laptop inventory
C) Ensure compliance with reporting procedures
D) Disable the user account immediately
2. Which of the following actions should lake place immediately after a security breach is reported to an information security manager?
A) Confirm the incident
B) Determine impact
C) Notify affected stakeholders
D) Isolate the incident
3. When designing the technical solution for a disaster recovery site, the PRIMARY factor that should be taken into consideration is the:
A) services delivery objective.
B) recovery time objective (RTO).
C) recovery window.
D) maximum tolerable outage (MTO).
4. In designing a backup strategy that will be consistent with a disaster recovery strategy, the PRIMARY factor to be taken into account will be the:
A) volume of sensitive data.
B) recovery point objective (RPO).
C) recovery' time objective (RTO).
D) interruption window.
5. An intrusion detection system (IDS) should:
A) run continuously
B) ignore anomalies
C) require a stable, rarely changed environment
D) be located on the network
1. Right Answer: C
Explanation: The key step in such an incident is to report it to mitigate any loss. After this, the other actions should follow.
2. Right Answer: A
Explanation: Before performing analysis of impact, resolution, notification or isolation of an incident, ii must be validated as a real security incident.
3. Right Answer: C
Explanation: The length of the recovery window is defined by business management and determines the acceptable time frame between a disaster and the restoration of critical services/applications. The technical implementation of the disaster recovery (DR) site will be based on this constraint, especially the choice between a hot, warm or cold site. The service delivery objective is supported during the alternate process mode until the normal situation is restored, which is directly related to business needs. The recovery time objective (RTO) is commonly agreed to be the time frame between a disaster and the return to normal operations. It is then longer than the interruption window and is very difficult to estimate in advance. The time frame between the reduced operation mode at the end of the interruption window and the return to normal operations depends on the magnitude of the disaster. Technical disaster recovery solutions alone will not be used for returning to normal operations. Maximum tolerable outage (MTO) is the maximum time acceptable by a company operating in reduced mode before experiencing losses.Theoretically, recovery time objectives (RTOs) equal the interruption window plus the maximum tolerable outage. This will not be the primary factor for the choice of the technical disaster recovery solution.
4. Right Answer: B
Explanation: The recovery point objective (RPO) defines the maximum loss of data (in terms of time) acceptable by the business (i.e., age of data to be restored). It will directly determine the basic elements of the backup strategy frequency of the backups and what kind of backup is the most appropriate (disk-to-disk, on tape, mirroring).The volume of data will be used to determine the capacity of the backup solution. The recovery time objective (RTO) '' the time between disaster and return to normal operation '' will not have any impact on the backup strategy. The availability to restore backups in a time frame consistent with the interruption window will have to be checked and will influence the strategy (e.g., full backup vs. incremental), but this will not be the primary factor.
5. Right Answer: A
Explanation: If an intrusion detection system (IDS) does not run continuously the business remains vulnerable. An IDS should detect, not ignore anomalies. An IDS should be flexible enough to cope with a changing environment. Both host and network based IDS are recommended for adequate detection.
Explanation: The key step in such an incident is to report it to mitigate any loss. After this, the other actions should follow.
2. Right Answer: A
Explanation: Before performing analysis of impact, resolution, notification or isolation of an incident, ii must be validated as a real security incident.
3. Right Answer: C
Explanation: The length of the recovery window is defined by business management and determines the acceptable time frame between a disaster and the restoration of critical services/applications. The technical implementation of the disaster recovery (DR) site will be based on this constraint, especially the choice between a hot, warm or cold site. The service delivery objective is supported during the alternate process mode until the normal situation is restored, which is directly related to business needs. The recovery time objective (RTO) is commonly agreed to be the time frame between a disaster and the return to normal operations. It is then longer than the interruption window and is very difficult to estimate in advance. The time frame between the reduced operation mode at the end of the interruption window and the return to normal operations depends on the magnitude of the disaster. Technical disaster recovery solutions alone will not be used for returning to normal operations. Maximum tolerable outage (MTO) is the maximum time acceptable by a company operating in reduced mode before experiencing losses.Theoretically, recovery time objectives (RTOs) equal the interruption window plus the maximum tolerable outage. This will not be the primary factor for the choice of the technical disaster recovery solution.
4. Right Answer: B
Explanation: The recovery point objective (RPO) defines the maximum loss of data (in terms of time) acceptable by the business (i.e., age of data to be restored). It will directly determine the basic elements of the backup strategy frequency of the backups and what kind of backup is the most appropriate (disk-to-disk, on tape, mirroring).The volume of data will be used to determine the capacity of the backup solution. The recovery time objective (RTO) '' the time between disaster and return to normal operation '' will not have any impact on the backup strategy. The availability to restore backups in a time frame consistent with the interruption window will have to be checked and will influence the strategy (e.g., full backup vs. incremental), but this will not be the primary factor.
5. Right Answer: A
Explanation: If an intrusion detection system (IDS) does not run continuously the business remains vulnerable. An IDS should detect, not ignore anomalies. An IDS should be flexible enough to cope with a changing environment. Both host and network based IDS are recommended for adequate detection.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment