CISM—Certified Information Security Manager - Part 95

Mary Smith

Tue, 21 Apr 2026

1. In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:

A) strong authentication.
B) IP antispoofing filtering.
C) network encryption protocol.
D) access lists of trusted devices.



2. The PRIMARY driver to obtain external resources to execute the information security program is that external resources can:

A) contribute cost-effective expertise not available internally.
B) be made responsible for meeting the security program requirements.
C) replace the dependence on internal resources.
D) deliver more effectively on account of their knowledge.



3. Priority should be given to which of the following to ensure effective implementation of information security governance?

A) Consultation
B) Negotiation
C) Facilitation
D) Planning



4. The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:

A) ensure the confidentiality of sensitive material.
B) provide a high assurance of identity.
C) allow deployment of the active directory.
D) implement secure sockets layer (SSL) encryption.



5. Which of the following controls would BEST prevent accidental system shutdown from the console or operations area?

A) Redundant power supplies
B) Protective switch covers
C) Shutdown alarms
D) Biometric readers



1. Right Answer: A
Explanation: Strong authentication provides adequate assurance of the identity of the users, while IP antispoofing filtering is aimed at the device rather than the user. A network encryption protocol ensures data confidentiality and authenticity, while access lists of trusted devices are easily bypassed by spoofing the identity of a trusted client.

2. Right Answer: A
Explanation: Choice A represents the primary driver for the information security manager to make use of external resources. The information security manager will continue to be responsible for meeting the security program requirements despite using the services of external resources. The external resources should never completely replace the role of internal resources from a strategic perspective. The external resources cannot have a better knowledge of the business of the information security manager's organization than do the internal resources.

3. Right Answer: D
Explanation: Planning is the key to effective implementation of information security governance. Consultation, negotiation and facilitation come after planning.

4. Right Answer: B
Explanation: The primary purpose of a public key infrastructure (PKI) is to provide strong authentication. Confidentiality is a function of the session keys distributed by the PKI. An active directory can use PKI for authentication as well as other means. Even though secure sockets layer (SSL) encryption requires keys to authenticate, it is not the main reason for deploying PKI.

5. Right Answer: B
Explanation: Protective switch covers would reduce the possibility of an individual accidentally pressing the power button on a device, thereby turning off the device. Redundant power supplies would not prevent an individual from powering down a device. Shutdown alarms would be after the fact. Biometric readers would be used to control access to the systems.
