
Question #1
Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?
A. User assessments of changes
B. Comparison of the program results with industry standards
C. Assignment of risk within the organization
D. Participation by all members of the organization
Correct answer: D (risk management only works when every part of the organization takes part in identifying and owning its risks; benchmarking against industry standards measures the program after the fact).
Question #2
Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?
A. Use security tokens for authentication
B. Connect through an IPSec VPN
C. Use https with a server-side certificate
D. Enforce static media access control (MAC) addresses
Correct answer: B (an IPsec VPN authenticates both endpoints and encrypts the tunnel, so an interposed host can neither read nor alter the traffic; static MAC addresses only bind a port on the local segment and are trivially spoofed, and an HTTPS server certificate authenticates one side only).
Question #3
Which of the following is MOST effective for securing wireless networks as a point of entry into a corporate network?
A. Boundary router
B. Strong encryption
C. Internet-facing firewall
D. Intrusion detection system (IDS)
Correct answer: B
Question #4
Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?
A. Encrypting first by receiver's private key and second by sender's public key
B. Encrypting first by sender's private key and second by receiver's public key
C. Encrypting first by sender's private key and second decrypting by sender's public key
D. Encrypting first by sender's public key and second by receiver's private key
Correct answer: B (the sender's private key produces a signature, giving authentication and nonrepudiation; the receiver's public key then gives confidentiality; option D cannot be carried out because the sender does not hold the receiver's private key).
Question #5
A risk assessment study carried out by an organization noted that there is no segmentation of the local area network (LAN). Network segmentation would reduce the potential impact of which of the following?
A. Denial of service (DoS) attacks
B. Traffic sniffing
C. Virus infections
D. IP address spoofing
Correct answer: C
Question #6
The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:
A. uses multiple redirects for completing a data commit transaction
B. has implemented cookies as the sole authentication mechanism
C. has been installed with a non-legitimate license key
D. is hosted on a server along with other applications
Correct answer: B (the browser attaches the session cookie to any request aimed at the site, including one forged from another origin; what the forged request lacks is a secret the attacker's page cannot read, such as a per-session anti-forgery token).
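As an added example that is not part of the original question set, the following Go program contrasts a handler that accepts the session cookie as its only proof of authorization with one that also demands a per-session anti-forgery token. The session ID, the token value, the /transfer route and the form fields are constructed for the example; net/http/httptest drives the requests so it runs offline.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Constructed session store: session cookie value -> the CSRF token issued to
// that session. A real application generates both randomly at login.
var sessions = map[string]string{"sess-123": "tok-9f8e7d6c"}

// transfer is the state-changing action both handlers guard.
func transfer(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "sent %s to %s\n", r.FormValue("amount"), r.FormValue("to"))
}

// authenticated returns the session ID when the cookie names a live session.
func authenticated(w http.ResponseWriter, r *http.Request) (string, bool) {
	c, err := r.Cookie("session")
	if err != nil {
		http.Error(w, "login required", http.StatusUnauthorized)
		return "", false
	}
	if _, ok := sessions[c.Value]; !ok {
		http.Error(w, "login required", http.StatusUnauthorized)
		return "", false
	}
	return c.Value, true
}

// VulnerableHandler trusts the cookie alone (the root cause in Question #6).
// The browser attaches the cookie to a POST triggered from any origin, so a
// page under the attacker's control can drive the transfer.
func VulnerableHandler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := authenticated(w, r); !ok {
			return
		}
		transfer(w, r)
	})
}

// ProtectedHandler additionally requires the per-session token in the form
// body. The attacker's origin cannot read it out of the victim's page, so a
// forged request arrives without it and is refused.
func ProtectedHandler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sess, ok := authenticated(w, r)
		if !ok {
			return
		}
		want, got := sessions[sess], r.FormValue("csrf_token")
		if subtle.ConstantTimeCompare([]byte(want), []byte(got)) != 1 {
			http.Error(w, "missing or invalid CSRF token", http.StatusForbidden)
			return
		}
		transfer(w, r)
	})
}

// Submit issues POST /transfer the way a browser would: the cookie (if any) is
// attached automatically, the token only if the submitting page knew it.
func Submit(h http.Handler, cookie, token string) int {
	form := url.Values{"to": {"attacker"}, "amount": {"1000"}}
	if token != "" {
		form.Set("csrf_token", token)
	}
	req := httptest.NewRequest(http.MethodPost, "/transfer", strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: cookie})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("vulnerable, forged request with cookie only:", Submit(VulnerableHandler(), "sess-123", ""))
	fmt.Println("protected, forged request with cookie only: ", Submit(ProtectedHandler(), "sess-123", ""))
	fmt.Println("protected, genuine request with token:      ", Submit(ProtectedHandler(), "sess-123", "tok-9f8e7d6c"))
}
```

The forged request succeeds against VulnerableHandler (200) because the cookie is all it checks; ProtectedHandler returns 403 for the same request and 200 only when the token that was issued to that session is present. Setting the cookie with SameSite=Lax or Strict is a useful second layer, but the token check is what removes the root cause the question describes.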
Question #7
After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be derived. The information security manager should recommend to business management that the risk be:
A. transferred
B. treated
C. accepted
D. terminated
Correct answer: C
Question #8
It is important to develop an information security baseline because it helps to define:
A. critical information resources needing protection
B. a security policy for the entire organization
C. the minimum acceptable security to be implemented
D. required physical and logical access controls
Correct answer: C
Question #9
The information classification scheme should:
A. consider possible impact of a security breach
B. classify personal information in electronic form
C. be performed by the information security manager
D. classify systems according to the data processed
Correct answer: A (classification is driven by the impact a compromise of the information would have; the information owners, not the security manager, classify their own assets).
Question #10
Which of the following devices could potentially stop a Structured Query Language (SQL) injection attack?
A. An intrusion prevention system (IPS)
B. An intrusion detection system (IDS)
C. A host-based intrusion detection system (HIDS)
D. A host-based firewall
Correct answer: A (only a device sitting in the request path can drop traffic; an IDS or HIDS detects and alerts, and a host firewall filters on addresses and ports, not on request content).
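Added example, not code from the original page: the same signature matching placed once as a passive IDS and once as an inline IPS in front of a deliberately injectable handler, written in Go with net/http/httptest so it runs offline. The three signatures, the /users route and the payloads are constructed for illustration; a real IPS carries a far larger rule set and is a compensating control next to parameterized queries, not a replacement for them.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"regexp"
)

// Constructed signatures for three common injection shapes. Production rule
// sets are much larger and still miss obfuscated payloads.
var sqliSignatures = []*regexp.Regexp{
	regexp.MustCompile(`(?i)'\s*or\s+'?\w+'?\s*=\s*'?\w+`),           // ' OR '1'='1
	regexp.MustCompile(`(?i)\bunion\b(\s+all)?\s+select\b`),          // UNION SELECT ...
	regexp.MustCompile(`(?i)'\s*;\s*(drop|delete|update|insert)\b`), // '; DROP TABLE ...
}

// looksLikeSQLi inspects every query-string value. An IDS and an IPS run the
// same matching; only their placement on the network differs.
func looksLikeSQLi(r *http.Request) bool {
	for _, vals := range r.URL.Query() {
		for _, v := range vals {
			for _, re := range sqliSignatures {
				if re.MatchString(v) {
					return true
				}
			}
		}
	}
	return false
}

// Sensor models a network sensor. Inline=false is an IDS watching a copy of
// the traffic: it records an alert but the request still reaches the
// application. Inline=true is an IPS in the request path: the same match
// drops the request before the application sees it.
type Sensor struct {
	Inline bool
	Alerts []string
}

func (s *Sensor) Wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if looksLikeSQLi(r) {
			s.Alerts = append(s.Alerts, r.URL.RawQuery)
			if s.Inline {
				http.Error(w, "request blocked", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// backend stands in for the vulnerable application: it concatenates the
// parameter into SQL text exactly as injectable code would (no database is
// attached; the point is whether the request reaches this handler at all).
var backend = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	q := "SELECT * FROM users WHERE name = '" + r.URL.Query().Get("user") + "'"
	fmt.Fprintln(w, "executing:", q)
})

// Probe sends GET /users?user=<value> through h and reports the status code.
func Probe(h http.Handler, user string) int {
	req := httptest.NewRequest(http.MethodGet, "/users?"+url.Values{"user": {user}}.Encode(), nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	ids := &Sensor{Inline: false}
	ips := &Sensor{Inline: true}
	payload := "' OR '1'='1"
	fmt.Println("IDS status:", Probe(ids.Wrap(backend), payload), "alerts:", len(ids.Alerts))
	fmt.Println("IPS status:", Probe(ips.Wrap(backend), payload), "alerts:", len(ips.Alerts))
}
```

Both sensors raise an alert on the tautology payload; only the inline one answers 403, which is the distinction the question turns on.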
Question #11
When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:
A. right-to-terminate clause
B. limitations of liability
C. service level agreement (SLA)
D. financial penalties clause
Correct answer: C (the SLA defines what the outsourcer must deliver and how it is measured; the other clauses only come into play once the service has already failed).
Question #12
Which of the following is the MOST important requirement for setting up an information security infrastructure for a new system?
A. Performing a business impact analysis (BIA)
B. Considering personal information devices as part of the security policy
C. Initiating IT security training and familiarization
D. Basing the information security infrastructure on risk assessment
Correct answer: D
Question #13
When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:
A. an adequate budget for the security program
B. recruitment of technical IT employees
C. periodic risk assessments
D. security awareness training for employees
Correct answer: D
Question #14
Which of the following BEST provides message integrity, sender identity authentication and nonrepudiation?
A. Symmetric cryptography
B. Public key infrastructure (PKI)
C. Message hashing
D. Message authentication code
Correct answer: B (a hash gives integrity only; a MAC or a symmetric key is shared by both parties, so neither can prove which of them produced the message; only a signature under the sender's private key supports nonrepudiation).
Question #15
Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:
A. mandatory access controls
B. discretionary access controls
D. role-based access controls
Correct answer: D
Question #16
The BEST way to ensure that an external service provider complies with organizational security policies is to:
A. Explicitly include the service provider in the security policies
B. Receive acknowledgment in writing stating the provider has read all policies
C. Cross-reference to policies in the service level agreement
D. Perform periodic reviews of the service provider
Correct answer: D (policies, signed acknowledgments and SLA clauses state obligations; only periodic review shows whether the provider actually meets them).
Question #17
Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?
A. Implement countermeasures
B. Eliminate the risk
C. Transfer the risk
D. Accept the risk
Correct answer: C (low-probability, high-impact events are the classic case for insurance or another form of transfer; countermeasures against a natural disaster are rarely cost-effective and the risk cannot be eliminated).
Question #18
Which of the following is generally considered a fundamental component of an information security program?
A. Role-based access control systems
B. Automated access provisioning
C. Security awareness training
D. Intrusion prevention systems (IPSs)
Correct answer: C
Question #19
Which item would be the BEST to include in the information security awareness training program for new general staff employees?
A. Review of various security models
B. Discussion of how to construct strong passwords
C. Review of roles that have privileged access
D. Discussion of vulnerability assessment results
Correct answer: B
Question #20
Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?
A. Security compliant servers trend report
B. Percentage of security compliant servers
C. Number of security patches applied
D. Security patches applied trend report
Correct answer: A (executives need to see the direction of the compliance posture over time; a single percentage or a patch count is a snapshot of activity, not of outcome).
Question #21
An organization has to comply with recently published industry regulatory requirements, compliance that potentially has high implementation costs. What should the information security manager do FIRST?
A. Implement a security committee
B. Perform a gap analysis
C. Implement compensating controls
D. Demand immediate compliance
Correct answer: B (a gap analysis shows how far current controls are from the new requirements and lets the cost be estimated before anything is implemented or demanded).
Question #22
Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?
A. Annual loss expectancy (ALE) of incidents
B. Frequency of incidents
C. Total cost of ownership (TCO)
D. Approved budget for the project
Correct answer: A (the ALE is the expected yearly loss the control is meant to reduce, which is the benefit side of the analysis; frequency alone omits the impact).
Question #23
Which of the following is MOST effective in preventing security weaknesses in operating systems?
A. Patch management
B. Change management
C. Security baselines
D. Configuration management
Correct answer: A
Question #24
A message that has been encrypted by the sender's private key and again by the receiver's public key achieves:
A.
B. authentication and authorization
C. confidentiality and nonrepudiation
D. authentication and nonrepudiation
Correct answer: C (the sender's private key provides the signature, and with it nonrepudiation; the receiver's public key provides confidentiality).
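Added example covering Questions #4, #14 and #24, not code from the original page: in Go, the sender signs with its private key and then encrypts for the receiver's public key. A hybrid construction is used (Ed25519 signature, AES-256-GCM for the content, RSA-OAEP to wrap the content key) because RSA-OAEP alone cannot encrypt a message plus signature of arbitrary length. Key pairs are generated fresh on every run and the message text is constructed; nothing here is a real identity.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what travels to the receiver: the content key wrapped under the
// receiver's RSA public key, plus the AES-GCM ciphertext of (message || signature).
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// NewParties generates a fresh Ed25519 pair for the sender and RSA pair for the receiver.
func NewParties() (ed25519.PublicKey, ed25519.PrivateKey, *rsa.PrivateKey, error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	receiverPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	return senderPub, senderPriv, receiverPriv, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealSigned applies the steps in the order the exam answer requires: first the
// sender's private key (signature: authentication and nonrepudiation), then the
// receiver's public key (confidentiality). A random AES key carries the payload
// and RSA-OAEP wraps that key, since OAEP only encrypts a few hundred bytes.
func SealSigned(msg []byte, senderPriv ed25519.PrivateKey, receiverPub *rsa.PublicKey) (*Envelope, error) {
	sig := ed25519.Sign(senderPriv, msg)
	payload := append(append([]byte{}, msg...), sig...)

	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, payload, nil)}, nil
}

// OpenSigned reverses the steps: only the receiver's private key unwraps the
// content key, and only the genuine sender's public key verifies the signature.
func OpenSigned(env *Envelope, receiverPriv *rsa.PrivateKey, senderPub ed25519.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("not addressed to this receiver")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext altered in transit")
	}
	if len(payload) < ed25519.SignatureSize {
		return nil, errors.New("payload too short to carry a signature")
	}
	cut := len(payload) - ed25519.SignatureSize
	msg, sig := payload[:cut], payload[cut:]
	if !ed25519.Verify(senderPub, msg, sig) {
		return nil, errors.New("signature invalid: sender not authenticated")
	}
	return msg, nil
}

func main() {
	senderPub, senderPriv, receiverPriv, _ := NewParties()
	env, _ := SealSigned([]byte("pay 100 to account 42"), senderPriv, &receiverPriv.PublicKey)
	msg, err := OpenSigned(env, receiverPriv, senderPub)
	fmt.Printf("message %q, error %v\n", msg, err)
}
```

Three failure cases are worth trying against this code: flipping a ciphertext byte (rejected by GCM before the signature is even looked at), sealing with an impostor's signing key (rejected by Ed25519 verification, which is the authentication and nonrepudiation property of Questions #4 and #24), and opening with a different receiver key (OAEP decryption fails, which is the confidentiality property). The reason a MAC does not answer Question #14 is visible here too: the receiver holds only the sender's public key, so it can verify the signature but could never have produced it.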
Question #25
A risk management approach to information protection is:
A. managing risks to an acceptable level, commensurate with goals and objectives
B. accepting the security posture provided by commercial security products
C. implementing a training program to educate individuals on information protection and risks
D. managing risk tools to ensure that they assess all information protection vulnerabilities
Correct answer: A
Question #26
A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:
A. it simulates the real-life situation of an external security attack
B. human intervention is not required for this type of test
C. less time is spent on reconnaissance and information gathering
D. critical infrastructure information is not revealed to the tester
Correct answer: C
Question #27
Which of the following technologies is utilized to ensure that an individual connecting to a corporate internal network over the Internet is not an intruder masquerading as an authorized user?
A. Intrusion detection system (IDS)
B. IP address packet filtering
C. Two-factor authentication
D. Embedded digital signature
Correct answer: C (only an authentication control verifies who is connecting; an IDS observes traffic after the fact, and IP filtering trusts an address that can be spoofed or shared).
Question #28
Which of the following is the BEST indicator that security awareness training has been effective?
A. Employees sign to acknowledge the security policy
B. More incidents are being reported
C. A majority of employees have completed training
D. No incidents have been reported in three months
Correct answer: B
Question #29
Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?
A. Manager
B. Custodian
C. User
D. Owner
Correct answer: D
Question #30
What is the MOST important reason for conducting security awareness programs throughout an organization?
A. Reducing the human risk
B. Maintaining evidence of training records to ensure compliance
C. Informing business units about the security strategy
D. Training personnel in security incident response
Correct answer: A
Question #31
Which of the following is the BEST method to provide a new user with their initial password for e-mail system access?
A. Interoffice a system-generated complex password with 30 days expiration
B. Give a dummy password over the telephone set for immediate expiration
C. Require no password but force the user to set their own in 10 days
D. Set initial password equal to the user ID with expiration in 30 days
Correct answer: B (the temporary password is spoken to the user and must be replaced at first logon, so it never sits in interoffice mail; a 30-day window, no password at all, or a password equal to the user ID leaves a guessable credential live).
