1. The PRIORITY action to be taken when a server is infected with a virus is to:
A) isolate the infected server(s) from the network.
B) identify all potential damage caused by the infection.
C) ensure that the virus database files are current.
D) establish security weaknesses in the firewall.
2. Which of the following provides the BEST confirmation that the business continuity/disaster recovery plan objectives have been achieved?
A) The recovery time objective (RTO) was not exceeded during testing
B) Objective testing of the business continuity/disaster recovery plan has been carried out consistently
C) The recovery point objective (RPO) was proved inadequate by disaster recovery plan testing
D) Information assets have been valued and assigned to owners per the business continuity plan, disaster recovery plan
3. Which of the following situations would be of MOST concern to a security manager?
A) Audit logs are not enabled on a production server
B) The logon ID for a terminated systems analyst still exists on the system
C) The help desk has received numerous reports of users receiving phishing e-mails
D) A Trojan was found to be installed on a system administrator's laptop
4. A customer credit card database has been breached by hackers. The FIRST step in dealing with this attack should be to:
A) confirm the incident.
B) notify senior management.
C) start containment.
D) notify law enforcement.
5. A rootkit was used to capture detailed accounts receivable information. To ensure admissibility of evidence from a legal standpoint, once the incident was identified and the server isolated, the next step should be to:
A) document how the attack occurred.
B) notify law enforcement.
C) take an image copy of the media.
D) close the accounts receivable system.
1. Right Answer: A Explanation: The priority in this event is to minimize the effect of the virus infection and to prevent it from spreading by removing the infected server(s) from the network. After the network is secured from further infection, the damage assessment can be performed, the virus database updated and any weaknesses sought.
2. Right Answer: A Explanation: Consistent achievement of recovery time objective (RTO) targets during testing provides the most objective evidence that business continuity/disaster recovery plan objectives have been achieved. Successful testing of the business continuity/disaster recovery plan within the stated RTO targets is the most indicative evidence that business needs are being met. Objective testing of the business continuity/disaster recovery plan by itself will not serve as a basis for evaluating the alignment of the risk management process in business continuity/disaster recovery planning. Mere valuation and assignment of information assets to owners (per the business continuity/disaster recovery plan) will not serve as a basis for evaluating the alignment of the risk management process in business continuity/disaster recovery planning.
3. Right Answer: D Explanation: The discovery of a Trojan installed on a system administrator's laptop is highly significant, since it may mean that privileged user accounts and passwords have been compromised. The other choices, although important, do not pose as immediate or as critical a threat.
4. Right Answer: A Explanation: Asserting that the condition is a true security incident is the necessary first step in determining the correct response. The containment stage would follow. Notifying senior management and law enforcement could be part of the incident response process that takes place after confirming an incident.
5. Right Answer: C Explanation: Taking an image copy of the media is a recommended practice to ensure legal admissibility. All of the other choices are subsequent and may be supplementary.