CISM—Certified Information Security Manager - Part 96

Mary Smith

Tue, 21 Apr 2026
1. Which of the following is the MOST important reason why information security objectives should be defined?

A) Tool for measuring effectiveness
B) General understanding of goals
C) Consistency with applicable standards
D) Management sign-off and support initiatives
2. What is the BEST policy for securing data on mobile universal serial bus (USB) drives?

A) Authentication
B) Encryption
C) Prohibit employees from copying data to USB devices
D) Limit the use of USB devices
3. When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:

A) an adequate budget for the security program.
B) recruitment of technical IT employees.
C) periodic risk assessments.
D) security awareness training for employees.
4. Which of the following would BEST protect an organization's confidential data stored on a laptop computer from unauthorized access?

A) Strong authentication by password
B) Encrypted hard drives
C) Multifactor authentication procedures
D) Network-based data backup
5. What is the MOST important reason for conducting security awareness programs throughout an organization?

A) Reducing the human risk
B) Maintaining evidence of training records to ensure compliance
C) Informing business units about the security strategy
D) Training personnel in security incident response
1. Right Answer: A
Explanation: The creation of objectives can be used in part as a source of measurement of the effectiveness of information security management, which feeds into the overall governance. General understanding of goals and consistency with applicable standards are useful, but are not the primary reasons for having clearly defined objectives. Gaining management understanding is important, but by itself will not provide the structure for governance.

2. Right Answer: B
Explanation: Encryption provides the most effective protection of data on mobile devices. Authentication on its own is not very secure. Prohibiting employees from copying data to USB devices and limiting the use of USB devices are after the fact.

3. Right Answer: D
Explanation: An information security manager has to impress upon the human resources department the need for security awareness training for all employees. Budget considerations are more of an accounting function. The human resources department would become involved once they are convinced of the need for security awareness training. Recruiting IT-savvy staff may bring in new employees with better awareness of information security, but that is not a replacement for the training requirements of the other employees. Periodic risk assessments may or may not involve the human resources department function.

4. Right Answer: B
Explanation: Encryption of the hard disks will prevent unauthorized access to the laptop even when the laptop is lost or stolen. Strong authentication by password can be bypassed by a determined hacker. Multifactor authentication can be bypassed by removal of the hard drive and insertion into another laptop. Network-based data backups do not prevent access but rather recovery from data loss.

5. Right Answer: A
Explanation: People are the weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus ensuring compliance from each individual. Laws and regulations also aim to reduce human risk. Informing business units about the security strategy is best done through steering committee meetings or other forums.