Isaca CISM Quiz 135 Topic 4 Questions 671-675

Question: 1

The MOST important reason that security risk assessments should be conducted frequently throughout an organization is because:

Athreats to the organization may change.

Bcompliance with legal and regulatory standards should be reassessed.

Ccontrol effectiveness may weaken.

Dcontrols should be regularly tested.

Show Answer

Question: 2

In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?

ABusiness or rote-based segmentation

BLog analysis of system access

CUsing security groups

DEncryption of data traversing networks

Show Answer

Question: 3

An IT department has given a vendor remote access to the internal network for troubleshooting network performance problems. After discovering the remote activity during a firewall log review, which of the following is the FIRST course of action for an information security manager?

ADetermine the level of access granted

BReview the related service level agreement (SLA).

CRevoke the access.

DDeclare a security incident.

Show Answer

Question: 4

The PRIMARY advantage of a network intrusion detection system (IDS) is that it can:

Adetect network vulnerabilities

Bsimulate denial-of-service attacks.

Cblock undesirable network traffic

Didentify an attack on the network.

Show Answer

Question: 5

Which of the following is the GREATEST risk associated with the head of information security reporting to the chief information officer (CIO)?

ADuplicate roles and responsibilities

BInsufficient authority to perform duties effectively

CInadequate IT security controls to protect FT assets

DConflict of interest while running IT operations

Show Answer

Isaca CISM Quiz:135 Topic:4 Questions:671-675