1. Data owners are PRIMARILY responsible for establishing risk mitigation methods to address which of the following areas?
A) Platform security
B) Entitlement changes
C) Intrusion detection
D) Antivirus controls
2. The PRIMARY goal of a corporate risk management program is to ensure that an organization's:
A) IT assets in key business functions are protected.
B) business risks are addressed by preventive controls.
C) stated objectives are achievable.
D) IT facilities and systems are always available.
3. It is important to classify and determine relative sensitivity of assets to ensure that:
A) cost of protection is in proportion to sensitivity.
B) highly sensitive assets are protected.
C) cost of controls is minimized.
D) countermeasures are proportional to risk.
4. The service level agreement (SLA) for an outsourced IT function does not reflect an adequate level of protection. In this situation an information security manager should:
A) ensure the provider is made liable for losses.
B) recommend not renewing the contract upon expiration.
C) recommend the immediate termination of the contract.
D) determine the current level of security.
5. An information security manager has been assigned to implement more restrictive preventive controls. By doing so, the net effect will be to PRIMARILY reduce the:
A) threat.
B) loss.
C) vulnerability.
D) probability.
1. Right Answer: B Explanation: Data owners are responsible for assigning user entitlements and approving access to the systems for which they are responsible. Platform security, intrusion detection and antivirus controls are all within the responsibility of the information security manager.
2. Right Answer: C Explanation: Risk management's primary goal is to ensure an organization maintains the ability to achieve its objectives. Protecting IT assets and ensuring infrastructure and systems availability are possible goals, but they should be viewed in the perspective of achieving an organization's objectives. Preventive controls are not always possible or necessary; risk management will address issues with an appropriate mix of preventive and corrective controls.
3. Right Answer: D Explanation: Classification of assets needs to be undertaken to determine the sensitivity of assets in terms of risk to the business operation, so that proportional countermeasures can be effectively implemented. While higher costs are allowable to protect sensitive assets, and it is always reasonable to minimize the costs of controls, it is most important that the controls and countermeasures are commensurate with the risk, since this is what justifies the costs. Choice B is important but is an incomplete answer because it does not factor in risk. Therefore, choice D is the most important.
4. Right Answer: D Explanation: It is important to ensure that adequate levels of protection are written into service level agreements (SLAs) and other outsourcing contracts. Before making any recommendation or taking any action, information must be obtained from the provider to determine how it is securing the information assets, so that management can make an informed decision. Choice A is not acceptable in most situations and is therefore not a good answer.
5. Right Answer: C Explanation: Implementing more restrictive preventive controls mitigates vulnerabilities but does not remove the threats. Losses and the probability of occurrence may be affected indirectly, but not primarily or directly.