
CISM—Certified Information Security Manager - Part 188

Mary Smith

Tue, 11 Nov 2025


1. When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?

A) Business continuity coordinator
B) Information security manager
C) Business process owners
D) Industry averages benchmarks
2. Which of the following is MOST closely associated with a business continuity program?

A) Confirming that detailed technical recovery plans exist
B) Periodically testing network redundancy
C) Updating the hot site equipment configuration every quarter
D) Developing recovery time objectives (RTOs) for critical functions
3. Which of the following application systems should have the shortest recovery time objective (RTO)?

A) Contractor payroll
B) Change management
C) E-commerce web site
D) Fixed asset system
4. A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?

A) Risk assessment results
B) Severity criteria
C) Emergency call tree directory
D) Table of critical backup files
5. The PRIMARY purpose of performing an internal attack and penetration test as part of an incident response program is to identify:

A) weaknesses in network and server security.
B) ways to improve the incident response process.
C) potential attack vectors on the network perimeter.
D) the optimum response to internal hacker attacks.
1. Right Answer: C
Explanation: Business process owners are in the best position to understand the true impact that a system outage would have on the business. The business continuity coordinator, industry average benchmarks, and even the information security manager cannot provide that level of detailed knowledge.

2. Right Answer: D
Explanation: Technical recovery plans, network redundancy and equipment needs are all associated with infrastructure disaster recovery. Only recovery time objectives (RTOs) directly relate to business continuity.

3. Right Answer: C
Explanation: In most businesses where an e-commerce site is in place, it would need to be restored in a matter of hours, if not minutes. Contractor payroll, change management and fixed assets would not require as rapid a recovery time.

4. Right Answer: B
Explanation: Quickly ranking the severity of an incident against defined criteria is a key element of incident response. The other choices refer to documents that would not normally be included in a computer incident response team (CIRT) manual.

5. Right Answer: A
Explanation: An internal attack and penetration test is designed to identify weaknesses in network and server security. It does not focus as much on the incident response process or on the network perimeter.
