CISM—Certified Information Security Manager - Part 125

Mary Smith

Wed, 15 Apr 2026

1. Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?

A) Utilize an intrusion detection system.
B) Establish minimum security baselines.
C) Implement vendor recommended settings.
D) Perform periodic penetration testing.



2. Which of the following presents the GREATEST exposure to internal attack on a network?

A) User passwords are not automatically expired
B) All network traffic goes through a single switch
C) User passwords are encoded but not encrypted
D) All users reside on a single internal subnet



3. Which of the following provides the linkage to ensure that procedures are correctly aligned with information security policy requirements?

A) Standards
B) Guidelines
C) Security metrics
D) IT governance



4. Which of the following are the MOST important individuals to include as members of an information security steering committee?

A) Direct reports to the chief information officer
B) IT management and key business process owners
C) Cross-section of end users and IT professionals
D) Internal audit and corporate legal departments



5. Security audit reviews should PRIMARILY:

A) ensure that controls operate as required.
B) ensure that controls are cost-effective.
C) focus on preventive controls.
D) ensure controls are technologically current.



1. Right Answer: D
Explanation: Penetration testing is the best way to assure that perimeter security is adequate. An intrusion detection system (IDS) may detect an attempted attack, but it will not confirm whether the perimeter is secured. Minimum security baselines and applying vendor recommended settings are beneficial, but they will not provide the level of assurance that is provided by penetration testing.

2. Right Answer: C
Explanation: When passwords are sent over the internal network in an encoded format, they can easily be converted to clear text. All passwords should be encrypted to provide adequate security. Not automatically expiring user passwords does create an exposure, but not as great as having unencrypted passwords. Using a single switch or subnet does not present a significant exposure.

3. Right Answer: A
Explanation: Standards are the bridge between high-level policy statements and the 'how to' detailed format of procedures. Security metrics and governance would not ensure correct alignment between policies and procedures. Similarly, guidelines are not linkage documents but rather provide suggested guidance on best practices.

4. Right Answer: B
Explanation: Security steering committees provide a forum for management to express its opinion and take some ownership in the decision-making process. It is imperative that business process owners be included in this process. None of the other choices includes input by business process owners.

5. Right Answer: A
Explanation: The primary objective of a security review or audit should be to provide assurance on the adequacy of security controls. Reviews should focus on all forms of control, not just on preventive control. Cost-effectiveness and technological currency are important but not as critical.