
CISM—Certified Information Security Manager - Part 222

Mary Smith

Mon, 24 Mar 2025

1. Which of the following provides the GREATEST assurance that an organization allocates appropriate resources to respond to information security events?

A) Threat analysis and intelligence reports
B) Incident classification procedures
C) Information security policies and standards
D) An approved IT staffing plan
2. Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?

A) Make backups of the affected systems prior to transfer.
B) Increase cyber insurance coverage.
C) Identify all information assets in the legacy environment.
D) Assign owners to be responsible for the transfer of each asset.
3. When reviewing the security controls of an application service provider, an information security manager discovers the provider's change management controls are insufficient. Changes to the provided application often occur spontaneously with no notification to clients. Which of the following would BEST facilitate a decision to continue or discontinue services with this provider?

A) Comparing the client organization's risk appetite to the disaster recovery plan of the service provider.
B) Comparing the client organization's risk appetite to the criticality of the supplied application.
C) Comparing the client organization's risk appetite to the frequency of application downtimes.
D) Comparing the client organization's risk appetite to the vendor's change control policy.
4. Which of the following would provide the MOST essential input for the development of an information security strategy?

A) Measurement of security performance against IT goals
B) Results of an information security gap analysis
C) Availability of capable information security resources
D) Results of a technology risk assessment
5. An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?

A) Require annual signed agreements of adherence to security policies.
B) Include penalties for noncompliance in the contracting agreement.
C) Perform periodic security assessments of the contractors' activities.
D) Conduct periodic vulnerability scans of the application.
1. Right Answer: C
Explanation:

2. Right Answer: C
Explanation:

3. Right Answer: D
Explanation:

4. Right Answer: B
Explanation:

5. Right Answer: C
Explanation:
