Hello World 1 Questions

Flashcard set details

Flashcards: 99
Language: Deutsch
Category: Religion/Ethics
Level: Primary School
Created / Updated: 18.11.2013 / 09.06.2024
Weblink: https://card2brain.ch/box/hello_world_1_questions
Which of the following statements on exposure is false? A) Exposure is the amount of damage and loss that an organization may suffer when a risk materializes B) Exposure is an adverse event that may cause harm to an organization's asset C) Exposure can determine how critical a threat is to an organization D) Exposure can be measured using quantitative and qualitative methods

B

Which of the following is the greatest risk of an inadequate policy definition for ownership of data and systems? A) user management coordination does not exist B) specific user accountability cannot be established C) unauthorized users may have access to originate, modify or delete data D) audit recommendations may not be implemented

C

IS management is considering a VoIP network to reduce telecommunication costs and management asked the IS auditor to comment on appropriate security controls. Which of the following security measures is most appropriate? A) review and where necessary upgrade firewall capabilities B) install modems to allow remote maintenance support access C) create a physically distinct network to handle the VoIP traffic D) redirect all VoIP traffic to allow clear text logging of authentication credentials

A

An operating system noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the best solution? A) Rewrite the application to conform to the upgraded operating system B) Compensate for not installing the patch with mitigating controls C) Alter the patch to allow the application to run in a privileged state D) Run the application on a test platform, then tune production to allow the patch and the application

B

An information security manager has implemented procedures for monitoring specific activities on the network. The system administrator has been trained to analyze the network events, take appropriate action and provide reports to the information security manager. What additional monitoring should be implemented to give a more accurate, risk-based view of the network activity? A) the system administrator should be monitored by a separate reviewer B) all activity on the network should be monitored C) no additional monitoring is needed in the situation D) monitoring should be done only by the information security manager

A

Which one of the following statements about the information security architecture is least likely to be correct? A) It provides a framework to produce high-level policy statements and strategies, detailed specifications, guidelines, standards and job descriptions B) it describes the form, appearance, function and location of information security processes C) it provides a common basis for the design, development, implementation and management of the information security process D) it provides the basis on which the enterprise's technology architecture will be selected and implemented

A

The primary purpose of IT forensics is: A) to participate in investigations related to corporate fraud B) the systematic collection of evidence after a system irregularity C) to assess the correctness of an organization's financial statements D) to determine that there has been criminal activity

B

The primary objective of an audit of IT security policies is to ensure that: A) they are distributed and available to all staff B) security and control policies support business and IT objectives C) there is a published organizational chart with functional descriptions D) duties are appropriately segregated

B

An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to: A) ensure that security processes are consistent across the organization B) enforce baseline security levels across the organization C) ensure that security processes are fully documented D) implement monitoring of KPIs for security processes

A

Which of the following documents will provide the least understanding of the basic organizational structure of an IS department? A) personnel policies and procedures B) departmental procedures and manuals C) job descriptions and key positions D) performance appraisals of management

A

The clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range. Which of the following controls is most effective in providing reasonable assurance that the change was authorized? A) the system will not process the change until the clerk's manager confirms the change by entering an approval code B) the system generates a weekly report listing all rate exceptions and the report is reviewed by the clerk's manager C) the system requires the clerk to enter an approval code D) the system displays a warning message to the clerk

A

Which of the following statements describes the most effective strategy for the protection of an organization from virus attacks? A) organization policy states that no external files are to be loaded on organization-owned desktop computers B) facilities are available to check mobile storage devices obtained from external sources before they are used C) the organization has defined procedures for recovering from a virus incursion D) potential users are educated as to the dangers and potential sources of viruses

A

Which of the following is the key benefit of control self-assessment (CSA)? A) management ownership of the internal controls supporting business objectives is reinforced B) audit expenses are reduced when the assessment results are an input to external audit work C) fraud detection will be improved since internal business staff are engaged in testing controls D) internal auditors can shift to a consultative approach by using the results of the assessment

A

The primary benefit of implementing a security program as part of a security governance framework is the: A) alignment of the IT activities with IS audit recommendations B) enforcement of the management of security risk C) implementation of the chief information security officer's recommendations D) reduction of the cost for IT security

B

A password hacking tool was used to capture detailed bank account information and personal identification numbers. Upon confirming the incident, the next step is to: A) notify law enforcement B) start containment C) make an image copy of the media D) isolate affected server

B

The most effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to: A) escalate issues to an external third party for resolution B) ensure that senior management provides authority for security to address the issues C) insist that managers or units not in agreement with the security solution accept the risk D) refer the issues to senior management along with any security recommendations

D

To justify the need to invest in a forensic analysis tool, an information security manager should first: A) review the functionality and implementation requirements of the solution B) review comparison reports of tool implementation in peer companies C) provide examples of situations where such a tool would be useful D) demonstrate that the investment meets organizational needs

D

Legal and regulatory requirements pertaining to information security should be addressed by the information security manager: A) as a mandate that requires organization compliance B) based on the level of risk they pose to the organization C) by developing policies that address the requirements D) to ensure that guidelines meet the requirements

B

Which of the following is the best definition of risk? A) the amount of damage and loss that an organization may suffer B) an adverse event that may cause harm to an organization's asset C) the chance of something happening that will impact upon objectives D) a weakness in a system that can be exploited and result in exposure

C

During an audit, an information security manager discovered that sales representatives are sending sensitive customer information through e-mail messages. Which of the following is the best course of action to address the issue? A) review the finding with the sales manager to evaluate the risk impact B) report the issue to senior management C) request that the sales representatives stop e-mailing sensitive information D) provide security awareness training to the sales reps

A

What is the purpose of separation of duties? A) access to data should be limited B) fraudulent acts are impossible to perform C) collusion between two persons can be detected D) potential damage from the actions of any one person is reduced

D

An organization is entering an agreement with a new business partner to conduct customer mailings. What is the most important action that the information security manager needs to perform? A) a due diligence security review of the business partner's security controls B) ensure that the business partner has an effective business continuity program C) ensure that the third party is contractually obligated to all relevant security requirements D) talk to other clients of the business partner to check references for performance

C

Use of asymmetric encryption over an Internet e-commerce site, where there is one private key on the hosting server and the public key is widely distributed to the customers, is most likely to provide comfort to the: A) customer over the authenticity of the hosting organization B) hosting organization over the authenticity of the customer C) customer over the confidentiality of messages from the hosting organization D) hosting organization over the confidentiality of messages to the customer

A

As an organization grows, exceptions to information security policies that were not originally specified may become necessary at a later date. In order to ensure effective management of business risks, exceptions to such policies should be: A) considered at the discretion of the information owner B) approved by the next higher person in the organizational structure C) formally managed within the information security framework D) reviewed and approved by the security manager

C

Which one of the following is an example of an information security best practice? A) management has standardized on one AV solution B) management maintains a record of personnel overtime charges C) management receives regular reports on the number of security incidents D) management has a view on how much the enterprise should invest in information security improvements

D

To determine the selection of controls required to meet business objectives, an information security manager should: A) prioritize the use of role-based access control B) focus on key controls C) restrict controls to only critical applications D) focus on automated controls

B

A global financial institution has decided not to take any further action on a denial of service risk found by the risk assessment team. The most likely reason they made this decision is that: A) there are sufficient safeguards in place to prevent this risk from happening B) the needed countermeasure is too complicated to deploy C) the cost of countermeasures outweighs the value of the asset and the potential loss D) the likelihood of the risk occurring is unknown

C

Serious security incidents typically lead to renewed focus on information security by management. To best utilize this attention, the information security manager should make the case for: A) improving integration of business and information security processes B) increasing information security budgets and staffing levels C) developing tighter controls and stronger compliance efforts D) acquiring better supplemental technical security controls

A

An IS auditor is auditing the controls relating to employee termination. Which of the following is the most important aspect to be reviewed: A) the related company staff are notified about the termination B) user ID and password of the employee have been deleted C) the details of employee have been removed from active payroll files D) company property provided to the employee has been returned

B

In a business continuity plan, there are several methods of providing telecommunication continuity. One method is diverse routing which involves: A) providing extra capacity with the intent of using the surplus capacity should the normal primary transmission capability not be available B) routing information via other alternate media such as copper cable or fiber optics C) providing diverse long-distance network availability utilizing T-1 circuits among the major long-distance carriers D) routing traffic through split-cable facilities or duplicate-cable facilities

D

Which of the following would be a good performance measure of information security governance succeeding? A) reduced number of new implementations delayed by security concerns B) reduced number of security-related service calls, change requests and fixes C) increased number of systems subject to an intrusion detection process D) full compliance, or agreed-upon and recorded deviations from minimum security requirements

D

A company's facilities and computer room conceivably could be destroyed completely by fire. The most appropriate action the company could take in an attempt to prepare for and protect itself against such a disaster would be to have: A) off-site backup computer facilities B) a reconstruction and recovery plan which outlines the procedures for reconstruction of files and use of alternate facilities C) a contractual agreement with the manufacturer or another company to use its facilities D) the grandfather-father-son concept implemented for all files stored on magnetic tapes

B

A structured walk-through test of a disaster recovery plan involves: A) representatives from each of the functional areas coming together to go over the plan B) all employees who participate in day-to-day operations coming together to practice executing the plan C) moving the systems to the alternate processing site and performing processing operations D) distributing copies of the plan to various functional areas for review

A

When implementing effective security governance within the requirements of the company's security strategy, which of the following is the most important factor to consider? A) preserving the confidentiality of sensitive data B) establishing international security standards for data sharing C) adhering to corporate privacy standards D) establishing system manager responsibility for information security

A

Which of the following tasks should the information security manager do first when business information has to be shared with external entities? A) execute a non-disclosure agreement B) review the information classification C) establish a secure communication channel D) enforce encryption of the information

B

An audit trail is defined as: A) the signing of work sheets as part of a quality assurance program B) a trail around the data center used to determine holes and weaknesses in the perimeter walls C) the logging of important information for subsequent analysis in case of errors or other relevant incidents D) the measures taken to follow a business transaction from the first data entry into effect on income and balance

C

The assessment of risk is always subjective. To improve accuracy, which of the following is the most important action to take? A) Train or "calibrate" the assessor B) Utilize only standardized approaches C) Ensure the impartiality of the assessor D) Utilize multiple methods of analysis

A

Which of the following is the best quantitative indicator of an organization's risk tolerance? A) the number of incidents and subsequent mitigation activities B) the number, type and layering of deterrent control technologies C) The extent of risk management requirements in policies and standards D) the ratio of cost to insurance coverage for business interruption protection

D

An organization's management is carrying out a cost-benefit analysis of the controls recommended to mitigate a risk. The approach adopted by the management is: A) both quantitative and qualitative B) purely quantitative C) purely qualitative D) neither qualitative nor quantitative

A

A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should first: A) meet with stakeholders to decide how to comply B) analyze key risks in the compliance process C) assess whether existing controls meet the regulation D) update the existing security/privacy policy

C