Hello World 1 Questions

Set of flashcards Details

Flashcards 99
Language Deutsch
Category Religion/Ethics
Level Primary School
Created / Updated 18.11.2013 / 09.06.2024
Weblink
https://card2brain.ch/box/hello_world_1_questions
Tightly integrated IT systems are most likely to be affected by: A) aggregated risk B) systemic risk C) operational risk D) cascading risk

D

An information security strategy containing specific links to an organization's business activities is primarily an indicator of: A) performance measurement B) integration C) alignment D) value delivery

C

The most effective method to conduct a risk assessment on an internal system in an organization is to start by understanding the: A) performance metrics and indicators B) policies and standards C) recent audit findings and recommendations D) system and its subsystems

D

The acceptability of a partial system recovery after a security incident is most likely to be based on the: A) ability to resume normal operations B) maximum tolerable outage C) service delivery objective D) acceptable interruption window

C

Which of the following is the most effective method to ensure that a business continuity plan meets an organization's needs? A) require quarterly updating of the BCP B) automate the survey of plan owners to obtain input to the plan C) periodically test the cross-departmental plan with varied scenarios D) conduct face-to-face meetings with management for discussion and analysis

C

The most complete business case for security solutions is one that: A) includes appropriate justification B) explains the current risk profile C) details regulatory requirements D) identifies incidents and losses

A

The primary reason for senior management review of information security incidents is to: A) ensure adequate corrective actions were implemented B) demonstrate management commitment C) evaluate the incident response process for deficiencies D) evaluate the ability of the security team

A

Which of the following is the greatest benefit of a risk-aware culture? A) issues are escalated when suspicious activity is noticed B) controls are double checked to anticipate any issues C) individuals communicate with peers for knowledge sharing D) employees are self-motivated to learn about costs and benefits

A

A primary characteristic of a well-established information security culture is an alignment of: A) information security and business objectives B) security controls within information technology C) concurrent security strategies D) values to protect corporate assets

D

Which of the following is the primary prerequisite to implementing data classification within an organization? A) defining job roles B) performing risk assessments C) identifying data owners D) establishing data retention policies

C

Which of the following risk assessment outputs is most suitable to help justify an organizational information security program? A) an inventory of risks that may impact the enterprise B) documented threats to the enterprise C) evaluation of consequences D) a list of appropriate controls for reducing or eliminating risk

D

Which of the following tests gives the most assurance that a business continuity plan works without potentially impacting business operations? A) checklist test B) simulation test C) walk-through test D) full operational test

B

The primary objective for information security program development should be: A) conducting a risk assessment B) establishing an incident response program C) identifying and implementing the best security solution D) reducing the impact of risk on the business

D

Which of the following is the most important consideration when developing an information security strategy? A) resources available to implement the program B) compliance with legal and regulatory constraints C) effectiveness of risk management D) resources required to implement the strategy

C

Which of the following is the most important objective of data protection? A) identifying people who need access to information B) ensuring the integrity of information C) denying or authorizing access to the IS system D) monitoring logical access

B

Which of the following should be included in an annual information security budget that is submitted for management approval? A) a cost-benefit analysis of budgeted resources B) all of the resources that are recommended by the business C) total cost of ownership D) baseline comparisons

A

Which of the following is a benefit of information security governance? A) reduction of potential for civil or legal liability B) questioning trust in the vendor relationships C) increasing risk of decisions based on incomplete management information D) direct involvement of senior management in developing control processes

A

In the risk management process, a cost-benefit analysis is mainly performed: A) as part of an initial risk B) as part of risk response planning C) during an information asset valuation D) when insurance is calculated for risk

B

Which of the following is the best reason to perform a business impact analysis? A) to help determine the current state of risk B) to budget appropriately for needed controls C) to satisfy regulatory requirements D) to analyze the effect on the business

A

Which of the following statements concerning risk is true? A) responsibility cannot be transferred B) transferring risk is a form of mitigation C) transferring risk eliminates the risk D) risk cannot be transferred

A

The most important reason for aligning information security governance with corporate governance is to: A) maximize the cost-effectiveness of controls B) demonstrate that information security understands the requirements C) provide operational consistency D) minimize the number of regulations required

A

Which of the following disaster recovery testing techniques is the most cost-effective way to determine the effectiveness of the plan? A) preparedness tests B) paper test C) full operational test D) actual service disruption

A

Which of the following would a security manager establish to determine the target for restoration of normal processing? A) recovery time objective B) maximum tolerable outage C) recovery point objective D) service delivery objective

A

The first step in developing a business case is to: A) determine the probability of success B) calculate the return on investment C) analyze the cost-effectiveness D) define the issues to be addressed

D

The fact that an organization may suffer a significant disruption as a result of a DDoS is considered: A) an intrinsic risk B) a systemic risk C) a residual risk D) an operational risk

D

Which of the following would be the first step when developing a business case for an information security investment? A) defining the objectives B) calculating the cost C) defining the need D) analyzing the cost-effectiveness

C

Which of the following authentication methods prevents authentication replay? A) password hash implementation B) challenge response C) WEP D) HTTP basic authentication

B

Which of the following factors affects the extent to which controls should be layered? A) impact on productivity B) common failure modes C) maintenance cost of controls D) controls that fail in a closed condition

B

Once the objective of performing a security review has been defined, the next step for the information security manager is to determine: A) constraints B) approach C) scope D) results

C

The most effective technical approach to mitigate the risk of confidential information being disclosed in e-mail attachments is to implement: A) content filtering B) data classification C) information security awareness D) encryption of all attachments

A

A CISO is given the task of creating information security procedures for all departments in the company. Which one of the following groups should the CISO initially approach? A) legal department B) end users C) senior management D) operations department

D

A new deposit system has been developed. The development team maintained good communication with the BCP team and the BCP has been updated to include the new system. What would be a suitable BCP test to perform at this point in time? A) using actual resources to simulate a crash B) a detailed paper walk-through of the plan C) a pen test D) performing a failover to the system at the designated secondary site

A

An organization keeps backup tapes of its servers at a warm site. To ensure that the tapes are properly maintained and usable during a system crash, the most appropriate measure the organization should perform is to: A) use test equipment in the warm site facility to read the tapes B) retrieve the tapes from the warm site and test them C) have duplicate equipment available at the warm site D) inspect the facility and inventory the tapes on a quarterly basis

B

In a business-critical application, where shared access to elevated privileges by a small group is necessary, the best approach to implement SoD (segregation of duties) is to: A) ensure access to individual functions can be granted to individual users only B) implement role-based access control in the application C) enforce manual procedures ensuring separation of conflicting duties D) create service accounts that can only be used by authorized team members

B

Which of the following is not a reason for using a risk assessment approach to determine the functional areas to be audited/reviewed? A) risk assessment permits an equal allocation of limited audit resources to the areas of highest risk B) risk assessment ensures that relevant information has been obtained from all levels of management C) risk assessment establishes a basis for managing the audit or security department effectively D) risk assessment provides a summary depicting how each audit subject is related to others as well as to the business plan

A

During a security review of organizational servers it was found that a file server containing human resources data was accessible to all user IDs. As a first step, the security manager should: A) copy sample files as evidence B) remove access privileges to the folder containing the data C) report the situation to the data owner D) train the HR team on properly controlling the file permissions

C

The computer security incident response team of an organization disseminates detailed descriptions of recent threats. The IS auditor's greatest concern should be that the users may: A) use this information to launch attacks B) forward the security alert C) implement individual solutions D) fail to understand the threat

A

You observe that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk that the company is exposed to is that the: A) business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization B) business continuity plan may not include all relevant applications and therefore may lack completeness in terms of coverage C) business impact of a disaster may not have been accurately understood by management D) business continuity plan may lack effective ownership by the business owners of such applications

A

During a BCP test, one department discovered that its new software application was not going to be restored soon enough to meet the needs of the business. This situation can be avoided by: A) conducting periodic and event-driven business impact analyses to determine the needs of the business during recovery B) assigning new applications a higher degree of importance and scheduling them for recovery first C) developing a help-desk ticket process that allows departments to request recovery of software during a disaster D) conducting a thorough risk assessment prior to purchasing the software

A

Many organizations require employees to take a mandatory one-week vacation each year primarily because the organization wants to ensure that: A) adequate cross-training exists between all functions of the organization B) employee morale and satisfaction is maintained to help ensure an effective internal control environment C) potential irregularities in processing are identified by temporarily replacing an employee in the job function D) employee satisfaction is maintained to reduce the risk of processing errors

C