Hello World 1 Questions

Deck details

Cards 99
Language German
Category Religion/Ethics
Level Primary school
Created / Updated 18.11.2013 / 09.06.2024
Web link
https://card2brain.ch/box/hello_world_1_questions
An organization plans to contract with an outside service provider to host its corporate web site. The most important concern for the information security manager is to ensure that:
A) an audit of the service provider uncovers no significant weakness
B) the contract includes a nondisclosure agreement
C) the contract should mandate that the service provider will comply with security policies
D) the third-party service provider conducts regular penetration testing

C

An organization has consolidated global operations. The CIO has asked the chief information security officer to develop a new organization information security strategy. Which of the following actions should be taken first?
A) identify the assets
B) conduct a risk assessment
C) define the scope
D) result in major problems with billing systems and transaction processing agreements

C

A computer programmer altered the program for checking accounts so that his account would be bypassed when a listing of accounts with overdrafts was prepared. Which of the following controls would be least effective in preventing or detecting this abuse?
A) user sign-off for all program changes
B) internal auditor review of all employee accounts
C) independent code review following any change
D) independent listing of overdrafts and follow-up by internal auditors

A

The responsibility for ensuring that the systems development life cycle design adheres to corporate security policies, and for testing system security prior to implementation, is that of the:
A) security officer
B) project manager
C) quality manager
D) project steering committee

A

Security risk assessments are most cost-effective to a software development organization when they are performed:
A) before system development begins
B) at system deployment
C) before developing a business case
D) at each stage of the SDLC

D

An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, the information security professional should:
A) apply the patch according to the patch's release notes
B) ensure that a good change management process is in place
C) thoroughly test the patch before sending it to production
D) approve the patch after doing a risk assessment

B

The scope of a logical access controls review would include the evaluation of:
A) effectiveness and efficiency of IT security and related controls
B) confidentiality, integrity and availability of information to authorized users
C) access to systems software and application software to ensure compliance with the access policy
D) access to user authorization levels, parameters and operational functions through application software

C

Management feels that its daily review of log files provides a compensating control for a weakness in access controls to program and data files. Which of the following would be least important in evaluating the adequacy of this control?
A) the type of information written to the log file
B) how well the log file is protected
C) the identity of the person responsible for the software that generates the log
D) the retention period of the log data file

D

Which of the following is the most important factor to rely on to successfully assign cross-organizational responsibility for integrating an information security program?
A) the ease of information security technologies
B) open channels of communication
C) the roles of different job functions
D) qualified information security professionals in each department

C

To improve the security of an organization's human resources system, an information security manager was presented with a choice to either implement an additional packet filtering firewall or a heuristic-based intrusion detection system. How should the security manager with a limited budget choose between the two technologies?
A) risk analysis
B) BIA
C) ROI analysis
D) cost-benefit analysis

D

Which of the following is not a necessary benefit of consulting with current customers of the proposed software package during the software evaluation process?
A) learning what other customers paid for the software
B) obtaining assurance concerning the vendor's ability to fulfill commitments
C) learning whether the vendor keeps the software current by providing software enhancements
D) determining if other customers are using the software in a situation similar to yours

A

Which of the following techniques most clearly indicates whether specific risk-reduction controls should be implemented?
A) cost-benefit analysis
B) penetration testing
C) frequent risk assessment programs
D) annual loss expectancy calculation

A

An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download non-sensitive production data for software testing purposes. Assuming all options are possible, which of the following should the information security manager recommend?
A) restrict account access to read only
B) log all usage of this account
C) suspend the account and activate it only when needed
D) require that a change request be submitted for each download

A

In a PKI, a registration authority:
A) verifies information supplied by the subject requesting a certificate
B) issues the certificate after the required attributes are verified and the keys are generated
C) digitally signs a message to achieve non-repudiation of the signed message
D) registers signed messages to protect them from future repudiation

A

The most effective approach to ensure the continued effectiveness of information security controls is by:
A) ensuring inherent control strength
B) ensuring strategic alignment
C) utilizing effective life cycle management
D) utilizing effective change management

C

What would be the purpose of an enterprise's board setting direction for information security, driving policy and information security strategy?
A) developing a mission statement
B) defining an enterprise risk profile
C) allocating accountability
D) selecting specific security solutions

B

Which of the following is a useful service for security managers to ensure that the security program is constantly being adjusted?
A) external auditor reports
B) external vulnerability reports
C) external peer reviews
D) external baseline benchmarking

B

Value at risk can be used:
A) as a qualitative approach to evaluating risk
B) to determine maximum probable loss over a period of time
C) for risk analysis applicable only to financial organizations
D) as a useful tool to expedite the assessment process

B

What is the main risk when there is no user management representation on the information security steering committee?
A) functional requirements are not adequately considered
B) the user training program may be inadequate
C) budgets allocated to business units are not appropriate
D) information security plans are not aligned with business requirements

D