
CISA—Certified Information Systems Auditor - Part 204

Mary Smith

Sat, 18 Apr 2026


1. The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?

A) Utilization of an intrusion detection system to report incidents
B) Mandating the use of passwords to access all software
C) Installing an efficient user log system to track the actions of each user
D) Training provided on a regular basis to all current and new employees



2. Which of the following is MOST critical for the successful implementation and maintenance of a security policy?

A) Assimilation of the framework and intent of a written security policy by all appropriate parties
B) Management support and approval for the implementation and maintenance of a security policy
C) Enforcement of security rules by providing punitive actions for any violation of security rules
D) Stringent implementation, monitoring and enforcing of rules by the security officer through access control software



3. A comprehensive and effective e-mail policy should address the issues of e-mail structure, policy enforcement, monitoring and:

A) recovery.
B) retention.
C) rebuilding.
D) reuse.



4. In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:

A) implementation.
B) compliance.
C) documentation.
D) sufficiency.



5. To ensure an organization is complying with privacy requirements, an IS auditor should FIRST review:

A) the IT infrastructure.
B) organizational policies, standards and procedures.
C) legal and regulatory requirements.
D) the adherence to organizational policies, standards and procedures.



1. Right Answer: D
Explanation: Utilizing an intrusion detection system to report on incidents that occur is an implementation of a security program and is not effective in establishing a security awareness program. Choices B and C do not address awareness. Training is the only choice that is directed at security awareness.

2. Right Answer: A
Explanation: Assimilation of the framework and intent of a written security policy by the users of the system is critical to the successful implementation and maintenance of the security policy. A good password system may exist, but if the users of the system keep passwords written on their desk, the password is of little value. Management support and commitment is no doubt important, but for successful implementation and maintenance of a security policy, educating the users on the importance of security is paramount. The stringent implementation, monitoring and enforcing of rules by the security officer through access control software, and provision for punitive actions for violation of security rules, are also required, along with the users' education on the importance of security.

3. Right Answer: B
Explanation: Besides being a good practice, laws and regulations may require that an organization keep information that has an impact on the financial statements. The prevalence of lawsuits in which e-mail communication is held in the same regard as the official form of classic 'paper' makes the retention of corporate e-mail a necessity. All e-mail generated on an organization's hardware is the property of the organization, and an e-mail policy should address the retention of messages, considering both known and unforeseen litigation. The policy should also address the destruction of e-mails after a specified time to protect the nature and confidentiality of the messages themselves. Addressing the retention issue in the e-mail policy would facilitate recovery, rebuilding and reuse.

4. Right Answer: D
Explanation: An IS auditor should first evaluate the definition of the minimum baseline level by ensuring the sufficiency of controls. Documentation, implementation and compliance are further steps.

5. Right Answer: C
Explanation: To ensure that the organization is complying with privacy issues, an IS auditor should address legal and regulatory requirements first. To comply with legal and regulatory requirements, organizations need to adopt the appropriate infrastructure. After understanding the legal and regulatory requirements, an IS auditor should evaluate organizational policies, standards and procedures to determine whether they adequately address the privacy requirements, and then review the adherence to these specific policies, standards and procedures.
