
CISM—Certified Information Security Manager - Part 221

Mary Smith

Sat, 24 May 2025

1. An information security manager determines the organization's critical systems may be vulnerable to a new zero-day attack. The FIRST course of action is to:

A) advise management of risk and remediation cost.
B) analyze the probability of compromise.
C) survey peer organizations to see how they have addressed the issue.
D) re-assess the firewall configuration.



2. Who should determine data access requirements for an application hosted at an organization's data center?

A) Business owner
B) Information security manager
C) Systems administrator
D) Data custodian



3. When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:

A) reduce the costs of future preventive controls.
B) provide metrics for reporting to senior management.
C) learn of potential areas of improvement.
D) verify compliance with the service level agreement (SLA).



4. Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?

A) Balanced scorecard
B) Cost-benefit analysis
C) Industry benchmarks
D) SWOT analysis



5. Which of the following is the FIRST step to perform before outsourcing critical information processing to a third party?

A) Require background checks for third-party employees.
B) Perform a risk assessment.
C) Ensure that risks are formally accepted by third party.
D) Negotiate a service level agreement.



1. Right Answer: B
Explanation: Analyzing the probability of compromise comes first. Until it is known how likely the zero-day is to be exploited against the organization's own systems, there is no sound basis for the risk and remediation cost figures that would be presented to management (A). Surveying peers (C) and re-assessing the firewall (D) may follow, but neither should drive the first decision.

2. Right Answer: A
Explanation: The business owner of the application is accountable for its data and decides who needs what access to perform their job. The information security manager advises and verifies that access controls meet policy, while the systems administrator and data custodian implement and operate the controls the owner has approved; none of them should be the one setting the requirements.

3. Right Answer: C
Explanation: MTTR measures how long incidents take to resolve, and tracking it across incidents shows where the response process is slow and can be improved, which is the purpose of a post-incident review. Management reporting (B) and SLA verification (D) are secondary uses of the same data, and resolution time says nothing about the cost of preventive controls (A).
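Question 3 turns on using MTTR to find where response is weak. As an added illustration that is not part of the original question set, the Python below computes MTTR per incident category from constructed sample records and compares each category against an assumed SLA target. It shows why a single overall MTTR figure can hide the category that actually needs attention. The incident records, category names and SLA targets are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean


@dataclass(frozen=True)
class Incident:
    ticket: str
    category: str
    detected_at: datetime
    resolved_at: datetime

    @property
    def time_to_resolve(self) -> timedelta:
        # Resolution time counted from detection; a negative value is a data error.
        delta = self.resolved_at - self.detected_at
        if delta < timedelta(0):
            raise ValueError(f"{self.ticket}: resolved before detected")
        return delta


# Constructed sample records for illustration only; not real incident data.
SAMPLE_INCIDENTS = [
    Incident("INC-1001", "phishing", datetime(2025, 5, 1, 9, 0), datetime(2025, 5, 1, 11, 30)),
    Incident("INC-1002", "phishing", datetime(2025, 5, 3, 14, 0), datetime(2025, 5, 3, 15, 30)),
    Incident("INC-1003", "malware", datetime(2025, 5, 5, 8, 0), datetime(2025, 5, 7, 8, 0)),
    Incident("INC-1004", "malware", datetime(2025, 5, 9, 10, 0), datetime(2025, 5, 10, 22, 0)),
    Incident("INC-1005", "lost-device", datetime(2025, 5, 12, 16, 0), datetime(2025, 5, 12, 20, 0)),
]

# Assumed SLA targets per category, in hours (hypothetical values).
SLA_HOURS = {"phishing": 4.0, "malware": 24.0, "lost-device": 8.0}


def hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600.0


def overall_mttr(incidents) -> float:
    """Single MTTR across all incidents, in hours; the number usually reported upward."""
    return mean(hours(inc.time_to_resolve) for inc in incidents)


def mttr_by_category(incidents) -> dict:
    """MTTR per category, in hours; the breakdown a post-incident review actually needs."""
    buckets = {}
    for inc in incidents:
        buckets.setdefault(inc.category, []).append(hours(inc.time_to_resolve))
    return {cat: mean(vals) for cat, vals in buckets.items()}


def improvement_areas(incidents, sla_hours) -> list:
    """Categories whose MTTR exceeds the SLA target, worst overrun first.

    Returns (category, (mttr_hours, hours_over_sla)) tuples. Categories without a
    configured target are skipped rather than silently treated as compliant.
    """
    over = {}
    for cat, mttr in mttr_by_category(incidents).items():
        target = sla_hours.get(cat)
        if target is not None and mttr > target:
            over[cat] = (mttr, mttr - target)
    return sorted(over.items(), key=lambda kv: kv[1][1], reverse=True)


if __name__ == "__main__":
    print(f"overall MTTR: {overall_mttr(SAMPLE_INCIDENTS):.1f} h")
    for cat, mttr in mttr_by_category(SAMPLE_INCIDENTS).items():
        print(f"  {cat:<12} {mttr:5.1f} h (SLA {SLA_HOURS[cat]:.0f} h)")
    for cat, (mttr, over) in improvement_areas(SAMPLE_INCIDENTS, SLA_HOURS):
        print(f"improve: {cat} is {over:.1f} h over its SLA target")
```

On the sample data the overall MTTR is 18.4 hours, which looks acceptable against every SLA target in the table, yet the per-category view shows malware incidents averaging 42 hours against a 24-hour target. That gap, not the aggregate, is the improvement area a review should surface.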

4. Right Answer: A
Explanation: A balanced scorecard ties security metrics to business objectives across several perspectives (financial, customer, internal process, and learning and growth), so it reflects how well the program supports the underlying business processes rather than one dimension of it. Cost-benefit analysis, industry benchmarks and SWOT analysis each give a narrower or point-in-time view.

5. Right Answer: B
Explanation: A risk assessment must come first so the organization understands what is at stake before it defines controls, contract terms and assurance requirements for the provider. Background checks (A) and the service level agreement (D) are outputs of that assessment. Risk acceptance (C) belongs to the organization outsourcing the processing; a third party cannot accept risk on its behalf.
