CISM—Certified Information Security Manager - Part 226

Mary Smith

Sat, 18 Apr 2026

1. An organization finds unauthorized software has been installed on a number of workstations. The software was found to contain a Trojan which had been uploading data to an unknown external party. Which of the following would have BEST prevented the installation of the unauthorized software?

A) Implementing application blacklisting
B) Implementing an intrusion detection system (IDS)
C) Banning executable file downloads at the Internet firewall
D) Removing local administrator rights



2. An information security manager is analyzing a risk that is believed to be severe but lacks numerical evidence to determine the impact the risk could have on the organization. In this case, the information security manager should:

A) use a qualitative method to assess the risk.
B) use a quantitative method to assess the risk.
C) put it in the priority list in order to gain time to collect more data.
D) ask management to increase staff in order to collect more evidence on severity.



3. An organization experienced a breach which was successfully contained and remediated. Based on industry regulations, the breach needs to be communicated externally. What should the information security manager do NEXT?

A) Refer to the incident response plan.
B) Send out a breach notification to all parties involved.
C) Contact the board of directors.
D) Invoke the corporate communications plan.



4. When a business-critical web server is compromised, the IT security department should FIRST:

A) archive the logs as evidence.
B) attempt to repair any damage in order to keep the server running.
C) notify the legal department and/or regulatory officials as required.
D) advise management of the incident.



5. Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?

A) The security strategy is benchmarked with similar organizations.
B) The information security manager reports to the chief executive officer.
C) Security strategy objectives are defined in business terms.
D) An IT governance committee is in place.



1. Right Answer: D
Explanation: Without local administrator rights, ordinary users cannot install software on their workstations, so the package carrying the Trojan could not have been installed in the first place. Application blacklisting only blocks software that is already known to be malicious, an intrusion detection system detects activity rather than preventing it, and banning executable downloads at the Internet firewall is easily bypassed (archives, removable media, encrypted channels).

2. Right Answer: A
Explanation: Qualitative methods (for example high/medium/low ratings based on expert judgment) are intended for exactly this situation, where numerical data is not available. A quantitative method requires the figures that are missing, and deferring a risk believed to be severe or requesting more staff to gather evidence delays treatment of the risk.

3. Right Answer: D
Explanation: A breach notification required by regulation is an external communication, and the corporate communications plan defines who is authorized to speak, what is said, and through which channel. Sending notifications to all parties without that coordination risks inconsistent or legally problematic messaging. The incident response plan has already been followed through containment and remediation, and the board is informed through the organization's established reporting process rather than as the next step.

4. Right Answer: D
Explanation: Management must be informed first so that it can decide, with legal counsel where needed, on business priorities such as whether the server is restored immediately or kept intact for evidence collection, and whether regulators or other external parties must be notified. The other options are actions that follow from, or are directed by, that decision.

5. Right Answer: C
Explanation: When the objectives of the security strategy are expressed in business terms (for example protecting revenue or meeting contractual obligations), it shows that the program has been derived from, and is aligned with, enterprise requirements. Benchmarking against similar organizations, the reporting line of the information security manager, and the existence of an IT governance committee are supporting structures that do not by themselves demonstrate alignment.
