Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment?
A. User
B. Security
C. Operations
D. Database
Correct Answer: A
Explanation:
As owners of the system, user management approval would be the most important. Although the signoffs of security, operations and database management may be appropriate, they are secondary to ensuring the new system meets the requirements of the business.
Which of the following change management activities would be a clear indicator that normal operational procedures require examination? A high percentage of:
A. similar change requests.
B. change request postponements.
C. canceled change requests.
D. emergency change requests.
Correct Answer: D
Explanation:
A high percentage of emergency change requests could be caused by changes that are being introduced at the last minute to bypass normal change management procedures. Similar requests, postponements and canceled requests all are indicative of a properly functioning change management process.
Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
A. Penetration attempts investigated
B. Violation log reports produced
C. Violation log entries
D. Frequency of corrective actions taken
Correct Answer: A
Explanation: The most useful metric is one that measures the degree to which complete follow-through has taken place. The quantity of reports, entries on reports and the frequency of corrective actions are not indicative of whether or not investigative action was taken.
Which of the following is the BEST indicator that security awareness training has been effective?
A. Employees sign to acknowledge the security policy
B. More incidents are being reported
C. A majority of employees have completed training
D. No incidents have been reported in three months
Correct Answer: B
Explanation: More incidents being reported could be an indicator that the staff is paying more attention to security. Employee signatures and training completion may or may not have anything to do with awareness levels. The number of individuals trained may not indicate they are more aware. The absence of recent security incidents does not reflect awareness levels, but may prompt further research to confirm.
In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?
A. Applying patches
B. Changing access rules
C. Upgrading hardware
D. Backing up files
Correct Answer: B
Explanation:
Security software will generally have a well-controlled process for applying patches, backing up files and upgrading hardware. The greatest risk occurs when access rules are changed since they are susceptible to being opened up too much, which can result in the creation of a security exposure.
When an emergency security patch is received via electronic mail, the patch should FIRST be:
A. loaded onto an isolated test machine.
B. decompiled to check for malicious code.
C. validated to ensure its authenticity.
D. copied onto write-once media to prevent tampering.
Correct Answer: C
Explanation: It is important to first validate that the patch is authentic. Only then should it be copied onto write-once media, decompiled to check for malicious code or loaded onto an isolated test machine.
The BEST way to ensure that an external service provider complies with organizational security policies is to:
A. Explicitly include the service provider in the security policies.
B. Receive acknowledgment in writing stating the provider has read all policies.
C. Cross-reference to policies in the service level agreement.
D. Perform periodic reviews of the service provider.
Correct Answer: D
Explanation:
Periodic reviews will be the most effective way of obtaining compliance from the external service provider. References in policies and service level agreements and requesting written acknowledgement will not be as effective since they will not trigger the detection of noncompliance.
Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?
A. Adequate security policies and procedures
B. Periodic compliance reviews
C. Security steering committees
D. Security awareness campaigns
Correct Answer: D
Explanation:
Security awareness campaigns will be more effective at changing an organizational culture than the creation of steering committees and security policies and procedures. Compliance reviews are helpful; however, awareness by all staff is more effective because compliance reviews are focused on certain areas or groups and do not necessarily educate.
Which of the following will MOST likely reduce the chances of an unauthorized individual gaining access to computing resources by pretending to be an authorized individual needing to have his/her password reset?
A. Performing reviews of password resets
B. Conducting security awareness programs
C. Increasing the frequency of password changes
D. Implementing automatic password syntax checking
Correct Answer: B
Explanation:
Social engineering can be mitigated best through periodic security awareness training for staff members who may be the target of such an attempt. Changing the frequency of password changes, strengthening passwords and checking the number of password resets may be desirable, but they will not be as effective in reducing the likelihood of a social engineering attack.
The MOST appropriate individual to determine the level of information security needed for a specific business application is the:
A. system developer.
B. information security manager.
C. steering committee.
D. system data owner.
Correct Answer: D
Explanation:
Data owners are the most knowledgeable of the security needs of the business application for which they are responsible. The system developer, security manager and system custodian will have specific knowledge on limited areas but will not have full knowledge of the business issues that affect the level of security required. The steering committee does not perform at that level of detail on the operation.