CISM—Certified Information Security Manager - Part 194

Mary Smith

Wed, 19 Nov 2025

1. To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?

A) Database server
B) Domain name server (DNS)
C) Time server
D) Proxy server



2. An organization has been experiencing a number of network-based security attacks that all appear to originate internally. The BEST course of action is to:

A) require the use of strong passwords.
B) assign static IP addresses.
C) implement centralized logging software.
D) install an intrusion detection system (IDS).



3. A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager?

A) Ensure that all OS patches are up-to-date
B) Block inbound traffic until a suitable solution is found
C) Obtain guidance from the firewall manufacturer
D) Commission a penetration test



4. An organization keeps backup tapes of its servers at a warm site. To ensure that the tapes are properly maintained and usable during a system crash, the MOST appropriate measure the organization should perform is to:

A) use the test equipment in the warm site facility to read the tapes.
B) retrieve the tapes from the warm site and test them.
C) have duplicate equipment available at the warm site.
D) inspect the facility and inventory the tapes on a quarterly basis.



5. Which of the following processes is critical for deciding prioritization of actions in a business continuity plan?

A) Business impact analysis (BIA)
B) Risk assessment
C) Vulnerability assessment
D) Business process mapping



1. Right Answer: C
Explanation: To accurately reconstruct the course of events, a time reference is needed and that is provided by the time server. The other choices would not assist in the correlation and review of these logs.

2. Right Answer: D
Explanation: Installing an intrusion detection system (IDS) will allow the information security manager to better pinpoint the source of the attack so that countermeasures may then be taken. An IDS is not limited to detection of attacks originating externally. Proper placement of agents on the internal network can be effectively used to detect an internally based attack. Requiring the use of strong passwords will not be sufficiently effective against a network-based attack. Assigning IP addresses would not be effective since these can be spoofed. Implementing centralized logging software will not necessarily provide information on the source of the attack.

3. Right Answer: C
Explanation: The best source of information is the firewall manufacturer since the manufacturer may have a patch to fix the vulnerability or a workaround solution. Ensuring that all OS patches are up-to-date is a best practice, in general, but will not necessarily address the reported vulnerability. Blocking inbound traffic may not be practical or effective from a business perspective. Commissioning a penetration test will take too much time and will not necessarily provide a solution for corrective actions.

4. Right Answer: B
Explanation: A warm site is not fully equipped with the company's main systems; therefore, the tapes should be tested using the company's production systems. Inspecting the facility and checking the tape inventory does not guarantee that the tapes are usable.

5. Right Answer: A
Explanation: A business impact analysis (BIA) provides results, such as impact from a security incident and required response times. The BIA is the most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. Risk assessment is a very important process for the creation of a business continuity plan. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures, but not in the prioritization. As in choice B, a vulnerability assessment provides information regarding the security weaknesses of the system, supporting the risk analysis process. Business process mapping facilitates the creation of the plan by providing mapping guidance on actions after the decision on critical business processes has been made, translating business prioritization to IT prioritization. Business process mapping does not help in making a decision, but in implementing a decision.
