
Question #1
The MOST effective way to incorporate risk management practices into existing production systems is through:
A. policy development
B. change management
C. awareness training
D. regular monitoring
Correct answer: B
Question #2
The MOST important factor in ensuring the success of an information security program is effective:
A. communication of information security requirements to all users in the organization
B. formulation of policies and procedures for information security
C. alignment with organizational goals and objectives
D. monitoring compliance with information security policies and procedures
Correct answer: C
Question #3
The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:
A. identifying vulnerabilities in the system
B. sustaining the organization's security posture
C. the existing systems that will be affected
D. complying with segregation of duties
Correct answer: B
Question #4
Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Correct answer: A
Question #5
Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?
A. The program's governance oversight mechanisms
B. Information security periodicals and manuals
C. The program's security architecture and design
D. Training and certification of the information security team
Correct answer: A
Question #6
Which of the following is an advantage of a centralized information security organizational structure?
A. It is easier to promote security awareness
B. It is easier to manage and control
C. It is more responsive to business unit needs
D. It provides a faster turnaround for security requests
Correct answer: B
Question #7
Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?
A. Knowledge of information technology platforms, networks and development methodologies
B. Ability to understand and map organizational needs to security technologies
C. Knowledge of the regulatory environment and project management techniques
D. Ability to manage a diverse group of individuals and resources across an organization
Correct answer: B
Question #8
Data owners are PRIMARILY responsible for establishing risk mitigation methods to address which of the following areas?
A. Platform security
B. Entitlement changes
C. Intrusion detection
D. Antivirus controls
Correct answer: B
Question #9
Security awareness training is MOST likely to lead to which of the following?
A. Decrease in intrusion incidents
B. Increase in reported incidents
C. Decrease in security policy changes
D. Increase in access rule violations
Correct answer: C
Question #10
Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
A. Chief security officer (CSO)
B. Chief operating officer (COO)
C. Chief privacy officer (CPO)
D. Chief legal counsel (CLC)
Correct answer: B
Question #11
When an organization is implementing an information security governance program, its board of directors should be responsible for:
A. drafting information security policies
B. reviewing training and awareness programs
C. setting the strategic direction of the program
D. auditing for compliance
Correct answer: C
Question #12
When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?
A. Create separate policies to address each regulation
B. Develop policies that meet all mandated requirements
C. Incorporate policy statements provided by regulators
D. Develop a compliance risk assessment
Correct answer: B
Question #13
Which of the following would be MOST helpful to achieve alignment between information security and organization objectives?
A. Key control monitoring
B. A robust security awareness program
C. A security program that enables business activities
D. An effective security architecture
Correct answer: C
Question #14
Which of the following results from the risk assessment process would BEST assist risk management decision making?
A. Control risk
B. Inherent risk
C. Risk exposure
D. Residual risk
Correct answer: D
Question #15
Which of the following provides the linkage to ensure that procedures are correctly aligned with information security policy requirements?
A. Standards
B. Guidelines
C. Security metrics
D. IT governance
Correct answer: D
Question #16
When a proposed system change violates an existing security standard, the conflict would be BEST resolved by:
A. calculating the residual risk
B. enforcing the security standard
C. redesigning the system change
D. implementing mitigating controls
Correct answer: B
Question #17
The PRIMARY purpose of aligning information security with corporate governance objectives is to:
A. build capabilities to improve security processes
B. consistently manage significant areas of risk
C. identify an organization’s tolerance for risk
D. re-align roles and responsibilities
Correct answer: A
Question #18
Quantitative risk analysis is MOST appropriate when assessment data:
A. include customer perceptions
B. contain percentage estimates
C. do not contain specific details
D. contain subjective information
Correct answer: B
Question #19
Which of the following tools is MOST appropriate for determining how long a security project will take to implement?
A. Gantt chart
B. Waterfall chart
C. Critical path
D. Rapid Application Development (RAD)
Correct answer: C
Question #20
In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:
A. a strong authentication
B. IP antispoofing filtering
C. network encryption protocol
D. access lists of trusted devices
Correct answer: C
Question #21
Which of the following should be the FIRST step in developing an information security plan?
A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness
Correct answer: B
Question #22
Which of the following would help to change an organization's security culture?
A. Develop procedures to enforce the information security policy
B. Obtain strong management support
C. Implement strict technical security controls
D. Periodically audit compliance with the information security policy
Correct answer: B
Question #23
Which of the following groups would be in the BEST position to perform a risk analysis for a business?
A. External auditors
B. A peer group within a similar business
C. Process owners
D. A specialized management consultant
Correct answer: C
Question #24
To justify its ongoing security budget, which of the following would be of MOST use to the information security department?
A. Security breach frequency
B. Annualized loss expectancy (ALE)
C. Cost-benefit analysis
D. Peer group comparison
Correct answer: C
Question #25
A good privacy statement should include:
A. notification of liability on accuracy of information
B. notification that information will be encrypted
C. what the company will do with information it collects
D. a description of the information classification process
Correct answer: C
Question #26
Which of the following is the MOST important consideration when implementing an intrusion detection system (IDS)?
A. Tuning
B. Patching
C. Encryption
D. Packet filtering
Correct answer: D
Question #27
Which of the following would be the FIRST step in establishing an information security program?
A. Develop the security policy
B. Develop security operating procedures
C. Develop the security plan
D. Conduct a security controls study
Correct answer: A
Question #28
When configuring a biometric access control system that protects a high-security data center, the system's sensitivity level should be set:
A. to a higher false reject rate (FRR)
B. to a lower crossover error rate
C. to a higher false acceptance rate (FAR)
D. exactly to the crossover error rate
Correct answer: B
Question #29
The MOST important component of a privacy policy is:
A. notifications
B. warranties
C. liabilities
D. geographic coverage
Correct answer: A
Question #30
When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?
A. Business management
B. Operations manager
C. Information security manager
D. System users
Correct answer: C
Question #31
The BEST approach in managing a security incident involving a successful penetration should be to:
A. allow business processes to continue during the response
B. allow the security team to assess the attack profile
C. permit the incident to continue to trace the source
D. examine the incident response process for deficiencies
Correct answer: C
Question #32
What is the MOST important factor in the successful implementation of an enterprise wide information security program?
A. Realistic budget estimates
B. Security awareness
C. Support of senior management
D. Recalculation of the work factor
Correct answer: C
Question #33
A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:
A. meet with stakeholders to decide how to comply
B. analyze key risks in the compliance process
C. assess whether existing controls meet the regulation
D. update the existing security/privacy policy
Correct answer: C
Question #34
When an emergency security patch is received via electronic mail, the patch should FIRST be:
A. loaded onto an isolated test machine
C. validated to ensure its authenticity
D. copied onto write-once media to prevent tampering
Correct answer: D
Question #35
What would be the MOST significant security risks when using wireless local area network (LAN) technology?
A. Man-in-the-middle attack
B. Spoofing of data packets
C. Rogue access point
D. Session hijacking
Correct answer: C
Question #36
Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:
A. baseline
B. strategy
C. procedure
D. policy
Correct answer: D
Question #37
Who is responsible for ensuring that information is categorized and that specific protective measures are taken?
A. The security officer
B. Senior management
C. The end user
D. The custodian
Correct answer: B
Question #38
Data owners are normally responsible for which of the following?
A. Applying emergency changes to application data
B. Administering security over database records
C. Migrating application code changes to production
D. Determining the level of application security required
Correct answer: B
Question #39
When personal information is transmitted across networks, there MUST be adequate controls over:
A. change management
B. privacy protection
C. consent to data transfer
D. encryption devices
Correct answer: B
Question #40
Secure customer use of an e-commerce application can BEST be accomplished through:
A. data encryption
B. digital signatures
C. strong passwords
D. two-factor authentication
Correct answer: B
Question #41
An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:
A. ensure that security processes are consistent across the organization
B. enforce baseline security levels across the organization
C. ensure that security processes are fully documented
D. implement monitoring of key performance indicators for security processes
Correct answer: A
Question #42
Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers?
A. Batch patches into frequent server updates
B. Initially load the patches on a test machine
C. Set up servers to automatically download patches
D. Automatically push all patches to the servers
Correct answer: B
Question #43
The BEST time to perform a penetration test is after:
A. an attempted penetration has occurred
B. an audit has reported weaknesses in security controls
D. a high turnover in systems staff
Correct answer: A
Question #44
The MOST useful way to describe the objectives in the information security strategy is through:
A. attributes and characteristics of the desired state
B. overall control objectives of the security program
C. mapping the IT systems to key business processes
D. calculation of annual loss expectations
Correct answer: A
Question #45
Which of the following environments represents the GREATEST risk to organizational security?
A. Locally managed file server
B.
C. Load-balanced, web server cluster
D. Centrally managed data switch
Correct answer: B
Question #46
An information security organization should PRIMARILY:
A. support the business objectives of the company by providing security-related support services
B. be responsible for setting up and documenting the information security responsibilities of the information security team members
C. ensure that the information security policies of the company are in line with global best practices and standards
D. ensure that the information security expectations are conveyed to employees
Correct answer: D
Question #47
What is the BEST policy for securing data on mobile universal serial bus (USB) drives?
A. Authentication
B. Encryption
C. Prohibit employees from copying data to USB devices
D. Limit the use of USB devices
Correct answer: A
Question #48
Which of the following will MOST likely reduce the chances of an unauthorized individual gaining access to computing resources by pretending to be an authorized individual needing to have his, her password reset?
A. Performing reviews of password resets
B.
C. Increasing the frequency of password changes
D. Implementing automatic password syntax checking
Correct answer: C
Question #49
The MOST important reason that statistical anomaly-based intrusion detection systems (stat IDSs) are less commonly used than signature-based IDSs is that stat IDSs:
A. create more overhead than signature-based IDSs
B. cause false positives from minor changes to system variables
C. generate false alarms from varying user or system actions
D. cannot detect new types of attacks
Correct answer: C
Question #50
Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?
A. Encrypting first by receiver's private key and second by sender's public key
B. Encrypting first by sender's private key and second by receiver's public key
C. Encrypting first by sender's private key and second decrypting by sender's public key
D. Encrypting first by sender's public key and second by receiver's private key
Correct answer: A
Question #51
A risk mitigation report would include recommendations for:
A. assessment
B. acceptance
C. evaluation
D. quantification
Correct answer: B
Question #52
Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
A. Penetration attempts investigated
B. Violation log reports produced
C. Violation log entries
D.
Correct answer: A
Question #53
A third party was engaged to develop a business application. Which of the following would an information security manager BEST test for the existence of back doors?
A. System monitoring for traffic on network ports
B. Security code reviews for the entire application
C. Reverse engineering the application binaries
D.
Correct answer: A
Question #54
An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
A. Review the procedures for granting access
B.
C. Meet with data owners to understand business needs
D. Redefine and implement proper access rights
Correct answer: A
Question #55
A critical component of a continuous improvement program for information security is:
A. measuring processes and providing feedback
B. developing a service level agreement (SLA) for security
C. tying corporate security standards to a recognized international standard
D. ensuring regulatory compliance
Correct answer: B
Question #56
The MOST effective use of a risk register is to:
A. identify risks and assign roles and responsibilities for mitigation
B. identify threats and probabilities
C. facilitate a thorough review of all IT-related risks on a periodic basis
D. record the annualized financial amount of expected losses due to risks
Correct answer: A
Question #57
Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?
A. Patch management
B. Change management
C. Security baselines
D. Virus detection
Correct answer: C
Question #58
Managing the life cycle of a digital certificate is a role of a(n):
A. system administrator
B. security administrator
C. system developer
D. independent trusted source
Correct answer: C
Question #59
What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?
A. Periodic review of network configuration
B. Review intrusion detection system (IDS) logs for evidence of attacks
C. Periodically perform penetration tests
D. Daily review of server logs for evidence of hacker activity
Correct answer: D
Question #60
Which of the following would be MOST useful in developing a series of recovery time objectives (RTOs)?
A. Gap analysis
B. Risk analysis
C. Regression analysis
D. Business impact analysis
Correct answer: D
Question #61
Which of the following should be included in an annual information security budget that is submitted for management approval?
A. A cost-benefit analysis of budgeted resources
B. All of the resources that are recommended by the business
C. Total cost of ownership (TCO)
D. Baseline comparisons
Correct answer: A
Question #62
A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?
A. Exclusive use of the hot site is limited to six weeks
B. The hot site may have to be shared with other customers
C. The time of declaration determines site access priority
D. The provider services all major companies in the area
Correct answer: B
