Isaca CISM Quiz 249 Topic 2 Questions 1241-1245

Question: 1

An attacker was able to gain access to an organizations perimeter firewall and made changes to allow wider external access and to steal dat

a. Which of the following would have BEST provided timely identification of this incident?

AImplementing a data loss prevention (DLP) suite

BConducting regular system administrator awareness training

CDeploying an intrusion prevention system (IPS)

DDeploying a security information and event management system (SIEM)

Show Answer

Question: 2

An information security manager has been asked to integrate security into the software development life cycle (SDLC) after requirements have already been gathered. In this situation during which phase would integration be MOST effectrve?

AQuality assurance analysis

BCode review

CPenetration testing

DUser acceptance testing

Show Answer

Question: 3

Which of the following models provides a client organization with the MOST administrative control over a cloud-hosted environment?

ASoftware as a Service (SaaS)

BInfrastructure as a Service (laaS)

CPlatform as a Service (PaaS)

DStorage as a Service (SaaS)

Show Answer

Question: 4

The PRIMARY objective of periodically testing an incident response plan should be to:

Aimprove internal processes and procedures,

Bharden the technical infrastructure.

Cimprove employee awareness of the incident response process,

Dhighlight the importance of incident response and recovery.

Show Answer

Question: 5

Which of the following activities would BEST incorporate security into the software development life cycle {SOLO7

ATest applications before go-live

BMinimize the use of open source software

CInclude security training for the development team

DScan operating systems for vulnerabilities

Show Answer

Isaca CISM Quiz:249 Topic:2 Questions:1241-1245