CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 186
1. Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?
A) A hot site facility will be shared in multiple disaster declarations
B) All equipment is provided 'at time of disaster, not on floor'
C) The facility is subject to a 'first-come, first-served' policy
D) Equipment may be substituted with equivalent model
2. Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?
A) Restore servers from backup media stored offsite
B) Conduct an assessment to determine system status
C) Perform an impact analysis of the outage
D) Isolate the screened subnet
3. Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?
A) Detailed technical recovery plans are maintained offsite
B) Network redundancy is maintained through separate providers
C) Hot site equipment needs are recertified on a regular basis
D) Appropriate declaration criteria have been established
4. The business continuity policy should contain which of the following?
A) Emergency call trees
B) Recovery criteria
C) Business impact assessment (BIA)
D) Critical backups inventory
5. The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:
A) weaknesses in network security.
B) patterns of suspicious access.
C) how an attack was launched on the network.
D) potential attacks on the internal network.
A) A hot site facility will be shared in multiple disaster declarations
B) All equipment is provided 'at time of disaster, not on floor'
C) The facility is subject to a 'first-come, first-served' policy
D) Equipment may be substituted with equivalent model
2. Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?
A) Restore servers from backup media stored offsite
B) Conduct an assessment to determine system status
C) Perform an impact analysis of the outage
D) Isolate the screened subnet
3. Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?
A) Detailed technical recovery plans are maintained offsite
B) Network redundancy is maintained through separate providers
C) Hot site equipment needs are recertified on a regular basis
D) Appropriate declaration criteria have been established
4. The business continuity policy should contain which of the following?
A) Emergency call trees
B) Recovery criteria
C) Business impact assessment (BIA)
D) Critical backups inventory
5. The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:
A) weaknesses in network security.
B) patterns of suspicious access.
C) how an attack was launched on the network.
D) potential attacks on the internal network.
1. Right Answer: B
Explanation: Equipment provided 'at time of disaster (ATOD), not on floor' means that the equipment is not available but will be acquired by the commercial hot site providerON a best effort basis. This leaves the customer at the mercy of the marketplace. If equipment is not immediately available, the recovery will be delayed. Many commercial providers do require sharing facilities in cases where there are multiple simultaneous declarations, and that priority may be established on a first- come, first-served basis. It is also common for the provider to substitute equivalent or better equipment, as they are frequently upgrading and changing equipment.
2. Right Answer: B
Explanation: An assessment should be conducted to determine whether any permanent damage occurred and the overall system status. It is not necessary at this point to rebuild any servers. An impact analysis of the outage or isolating the demilitarized zone (DMZ) or screen subnet will not provide any immediate benefit.
3. Right Answer: A
Explanation: In a major disaster, staff can be injured or can be prevented from traveling to the hot site, so technical skills and business knowledge can be lost. It is therefore critical to maintain an updated copy of the detailed recovery plan at an offsite location. Continuity of the business requires adequate network redundancy, hot site infrastructure that is certified as compatible and clear criteria for declaring a disaster. Ideally, the business continuity program addresses all of these satisfactorily.However, in a disaster situation, where all these elements are present, but without the detailed technical plan, business recovery will be seriously impaired.
4. Right Answer: B
Explanation: Recovery criteria, indicating the circumstances under which specific actions are undertaken, should be contained within a business continuity policy. Telephone trees, business impact assessments (BIAs) and listings of critical backup files are too detailed to include in a policy document.
5. Right Answer: D
Explanation: The most important function of an intrusion detection system (IDS) is to identify potential attacks on the network. Identifying how the attack was launched is secondary. It is not designed specifically to identify weaknesses in network security or to identify patterns of suspicious logon attempts.
Explanation: Equipment provided 'at time of disaster (ATOD), not on floor' means that the equipment is not available but will be acquired by the commercial hot site providerON a best effort basis. This leaves the customer at the mercy of the marketplace. If equipment is not immediately available, the recovery will be delayed. Many commercial providers do require sharing facilities in cases where there are multiple simultaneous declarations, and that priority may be established on a first- come, first-served basis. It is also common for the provider to substitute equivalent or better equipment, as they are frequently upgrading and changing equipment.
2. Right Answer: B
Explanation: An assessment should be conducted to determine whether any permanent damage occurred and the overall system status. It is not necessary at this point to rebuild any servers. An impact analysis of the outage or isolating the demilitarized zone (DMZ) or screen subnet will not provide any immediate benefit.
3. Right Answer: A
Explanation: In a major disaster, staff can be injured or can be prevented from traveling to the hot site, so technical skills and business knowledge can be lost. It is therefore critical to maintain an updated copy of the detailed recovery plan at an offsite location. Continuity of the business requires adequate network redundancy, hot site infrastructure that is certified as compatible and clear criteria for declaring a disaster. Ideally, the business continuity program addresses all of these satisfactorily.However, in a disaster situation, where all these elements are present, but without the detailed technical plan, business recovery will be seriously impaired.
4. Right Answer: B
Explanation: Recovery criteria, indicating the circumstances under which specific actions are undertaken, should be contained within a business continuity policy. Telephone trees, business impact assessments (BIAs) and listings of critical backup files are too detailed to include in a policy document.
5. Right Answer: D
Explanation: The most important function of an intrusion detection system (IDS) is to identify potential attacks on the network. Identifying how the attack was launched is secondary. It is not designed specifically to identify weaknesses in network security or to identify patterns of suspicious logon attempts.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment