
CISM—Certified Information Security Manager - Part 19

Mary Smith

Thu, 19 Jun 2025


1. To achieve effective strategic alignment of security initiatives, it is important that:

A) Steering committee leadership be selected by rotation.
B) Inputs be obtained and consensus achieved between the major organizational units.
C) The business strategy be updated periodically.
D) Procedures and standards be approved by all departmental heads.



2. What would be the MOST significant security risks when using wireless local area network (LAN) technology?

A) Man-in-the-middle attack
B) Spoofing of data packets
C) Rogue access point
D) Session hijacking



3. When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?

A) Business management
B) Operations manager
C) Information security manager
D) System users



4. In implementing information security governance, the information security manager is PRIMARILY responsible for:

A) developing the security strategy.
B) reviewing the security strategy.
C) communicating the security strategy.
D) approving the security strategy.



5. An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:

A) performance measurement.
B) integration.
C) alignment.
D) value delivery.



1. Right Answer: B
Explanation: It is important to achieve consensus on risks and controls, and obtain inputs from various organizational entities, since security needs to be aligned to the needs of the organization. Rotation of steering committee leadership does not help in achieving strategic alignment. Updating the business strategy does not lead to strategic alignment of security initiatives. Procedures and standards need not be approved by all departmental heads.

2. Right Answer: C
Explanation: A rogue access point masquerades as a legitimate access point. The risk is that legitimate users may connect through this access point and have their traffic monitored. All other choices are not dependent on the use of wireless local area network (LAN) technology.

3. Right Answer: C
Explanation: The escalation process in critical situations should involve the information security manager as the first contact so that appropriate escalation steps are invoked as necessary. Choices A, B and D would be notified accordingly.

4. Right Answer: A
Explanation: The information security manager is responsible for developing a security strategy based on business objectives with the help of business process owners. Reviewing the security strategy is the responsibility of a steering committee. The information security manager is not necessarily responsible for communicating or approving the security strategy.

5. Right Answer: C
Explanation: Strategic alignment of security with business objectives is a key indicator of performance measurement. In guiding a security program, a meaningful performance measurement will also rely on an understanding of business objectives, which will be an outcome of alignment. Business linkages do not by themselves indicate integration or value delivery. While alignment is an important precondition, it is not as important an indicator.
