CISM—Certified Information Security Manager - Part 135

Mary Smith

Wed, 15 Apr 2026

1. Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?

A) Security audit reports
B) Balanced scorecard
C) Capability maturity model (CMM)
D) Systems and business security architecture



2. Who is responsible for raising awareness of the need for adequate funding for risk action plans?

A) Chief information officer (CIO)
B) Chief financial officer (CFO)
C) Information security manager
D) Business unit management



3. Managing the life cycle of a digital certificate is a role of a(n):

A) system administrator.
B) security administrator.
C) system developer.
D) independent trusted source.



4. Which of the following would be MOST critical to the successful implementation of a biometric authentication system?

A) Budget allocation
B) Technical skills of staff
C) User acceptance
D) Password requirements



5. Change management procedures to ensure that disaster recovery/business continuity plans are kept up to date can be BEST achieved through which of the following?

A) Reconciliation of the annual systems inventory to the disaster recovery/business continuity plans
B) Periodic audits of the disaster recovery/business continuity plans
C) Comprehensive walk-through testing
D) Inclusion as a required step in the system life cycle process



1. Right Answer: C
Explanation: The capability maturity model (CMM) grades each defined area of security processes on a scale of 0 to 5 based on its maturity, and is commonly used by entities to measure their existing state and then determine the desired one. Security audit reports offer a limited view of the current state of security. A balanced scorecard is a document that enables management to measure the implementation of their strategy and assists in its translation into action. Systems and business security architecture explains the security architecture of an entity in terms of business strategy, objectives, relationships, risks, constraints and enablers, and provides a business-driven and business-focused view of security architecture.

2. Right Answer: C
Explanation: The information security manager is responsible for raising awareness of the need for adequate funding for risk-related action plans. Even though the chief information officer (CIO), chief financial officer (CFO) and business unit management are involved in the final approval of fund expenditure, it is the information security manager who has the ultimate responsibility for raising awareness.

3. Right Answer: D
Explanation: Digital certificates must be managed by an independent trusted source in order to maintain trust in their authenticity. The other options are not necessarily entrusted with this capability.

4. Right Answer: C
Explanation: End users may react differently to the implementation, and may have specific preferences. The information security manager should be aware that what is viewed as reasonable in one culture may not be acceptable in another culture. Budget allocation will have a lesser impact since what is rejected as a result of culture cannot be successfully implemented regardless of budgetary considerations. Technical skills of staff will have a lesser impact since new staff can be recruited or existing staff can be trained. Although important, password requirements would be less likely to guarantee the success of the implementation.

5. Right Answer: D
Explanation: Information security should be an integral component of the development cycle; thus, it should be included at the process level. Choices A, B and C are good mechanisms to ensure compliance, but would not be nearly as timely in ensuring that the plans are always up to date. Choice D is a preventive control, while choices A, B and C are detective controls.
