CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 15
1. Who in an organization has the responsibility for classifying information?
A) Data custodian
B) Database administrator
C) Information security officer
D) Data owner
2. What is the PRIMARY role of the information security manager in the process of information classification within an organization?
A) Defining and ratifying the classification structure of information assets
B) Deciding the classification levels applied to the organization's information assets
C) Securing information assets in accordance with their classification
D) Checking if information assets have been classified properly
3. Logging is an example of which type of defense against systems compromise?
A) Containment
B) Detection
C) Reaction
D) Recovery
4. Which of the following is MOST important in developing a security strategy?
A) Creating a positive business security environment
B) Understanding key business objectives
C) Having a reporting line to senior management
D) Allocating sufficient resources to information security
5. Who is ultimately responsible for the organization's information?
A) Data custodian
B) Chief information security officer (CISO)
C) Board of directors
D) Chief information officer (CIO)
A) Data custodian
B) Database administrator
C) Information security officer
D) Data owner
2. What is the PRIMARY role of the information security manager in the process of information classification within an organization?
A) Defining and ratifying the classification structure of information assets
B) Deciding the classification levels applied to the organization's information assets
C) Securing information assets in accordance with their classification
D) Checking if information assets have been classified properly
3. Logging is an example of which type of defense against systems compromise?
A) Containment
B) Detection
C) Reaction
D) Recovery
4. Which of the following is MOST important in developing a security strategy?
A) Creating a positive business security environment
B) Understanding key business objectives
C) Having a reporting line to senior management
D) Allocating sufficient resources to information security
5. Who is ultimately responsible for the organization's information?
A) Data custodian
B) Chief information security officer (CISO)
C) Board of directors
D) Chief information officer (CIO)
1. Right Answer: D
Explanation: The data owner has full responsibility over data. The data custodian is responsible for securing the information. The database administrator carries out the technical administration. The information security officer oversees the overall classification management of the information.
2. Right Answer: A
Explanation: Defining and ratifying the classification structure of information assets is the primary role of the information security manager in the process of information classification within the organization. Choice B is incorrect because the final responsibility for deciding the classification levels rests with the data owners. ChoiceC is incorrect because the job of securing information assets is the responsibility of the data custodians. Choice D may be a role of an information security manager but is not the key role in this context.
3. Right Answer: B
Explanation: Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion. Examples of containment defenses are awareness, training and physical security defenses. Examples of reaction defenses are incident response, policy and procedure change, and control enhancement. Examples of recovery defenses are backups and restorations, failover and remote sites, and business continuity plans and disaster recovery plans.
4. Right Answer: B
Explanation: Alignment with business strategy is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
5. Right Answer: C
Explanation: The board of directors is ultimately responsible for the organization's information and is tasked with responding to issues that affect its protection. The data custodian is responsible for the maintenance and protection of data. This role is usually filled by the IT department. The chief information security officer (CISO) is responsible for security and carrying out senior management's directives. The chief information officer (CIO) is responsible for information technology within the organization and is not ultimately responsible for the organization's information.
Explanation: The data owner has full responsibility over data. The data custodian is responsible for securing the information. The database administrator carries out the technical administration. The information security officer oversees the overall classification management of the information.
2. Right Answer: A
Explanation: Defining and ratifying the classification structure of information assets is the primary role of the information security manager in the process of information classification within the organization. Choice B is incorrect because the final responsibility for deciding the classification levels rests with the data owners. ChoiceC is incorrect because the job of securing information assets is the responsibility of the data custodians. Choice D may be a role of an information security manager but is not the key role in this context.
3. Right Answer: B
Explanation: Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion. Examples of containment defenses are awareness, training and physical security defenses. Examples of reaction defenses are incident response, policy and procedure change, and control enhancement. Examples of recovery defenses are backups and restorations, failover and remote sites, and business continuity plans and disaster recovery plans.
4. Right Answer: B
Explanation: Alignment with business strategy is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
5. Right Answer: C
Explanation: The board of directors is ultimately responsible for the organization's information and is tasked with responding to issues that affect its protection. The data custodian is responsible for the maintenance and protection of data. This role is usually filled by the IT department. The chief information security officer (CISO) is responsible for security and carrying out senior management's directives. The chief information officer (CIO) is responsible for information technology within the organization and is not ultimately responsible for the organization's information.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment