لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
Which of the following enables compliance with a nonrepudiation policy requirement for electronic transactions?
A. Digital certificates
B. Digital signatures
C. Encrypted passwords
D. One-time passwords
عرض الإجابة
اجابة صحيحة: B
السؤال #2
Which of the following is a PRIMARY responsibility of an information security steering committee?
A. Reviewing the information security strategy
B. Approving the information security awareness training strategy
C. Analyzing information security policy compliance reviews
D. Approving the purchase of information security technologies
عرض الإجابة
اجابة صحيحة: A
السؤال #3
The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to:
A. escalate issues to an external third party for resolution
B. ensure that senior management provides authority for security to address the issues
C. insist that managers or units not in agreement with the security solution accept the risk
D. refer the issues to senior management along with any security recommendations
عرض الإجابة
اجابة صحيحة: D
السؤال #4
From an information security perspective, information that no longer supports the main purpose of the business should be:
A. analyzed under the retention policy
B. protected under the information classification policy
C. analyzed under the backup policy
D. protected under the business impact analysis (BIA)
عرض الإجابة
اجابة صحيحة: A
السؤال #5
When designing an information security quarterly report to management, the MOST important element to be considered should be the:
A. information security metrics
B. knowledge required to analyze each issue
C. linkage to business area objectives
D. baseline against which metrics are evaluated
عرض الإجابة
اجابة صحيحة: C
السؤال #6
Business units within an organization are resistant to proposed changes to the information security program. Which of the following is the BEST way to address this issue?
A. Implementing additional security awareness training
B. Communicating critical risk assessment results to business unit managers
C. Including business unit representation on the security steering committee
D. Publishing updated information security policies
عرض الإجابة
اجابة صحيحة: B
السؤال #7
Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?
A. Restore servers from backup media stored offsite
B. Conduct an assessment to determine system status
C. Perform an impact analysis of the outage
D. Isolate the screened subnet
عرض الإجابة
اجابة صحيحة: C
السؤال #8
Which program element should be implemented FIRST in asset classification and control?
A. Risk assessment
B. Classification
C. Valuation
D. Risk mitigation
عرض الإجابة
اجابة صحيحة: C
السؤال #9
An information security manager must understand the relationship between information security and business operations in order to:
A. support organizational objectives
B. determine likely areas of noncompliance
C. assess the possible impacts of compromise
D. understand the threats to the business
عرض الإجابة
اجابة صحيحة: A
السؤال #10
To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:
A. interview senior management
B. conduct a risk assessment
C. conduct a cost-benefit analysis
D. perform a gap analysis
عرض الإجابة
اجابة صحيحة: D
السؤال #11
Which of the following is a benefit of information security governance?
A. Reduction of the potential for civil or legal liability
B. Questioning trust in vendor relationships
C. Increasing the risk of decisions based on incomplete management information
D. Direct involvement of senior management in developing control processes
عرض الإجابة
اجابة صحيحة: A
السؤال #12
Which of the following is the BEST advantage of a centralized information security organizational structure?
A. It allows for a common level of assurance across the enterprise
B. It is easier to manage and control business unit security teams
C. It is more responsive to business unit needs
D. It provides a faster turnaround for security waiver requests
عرض الإجابة
اجابة صحيحة: B
السؤال #13
Of the following, which is the MOST important aspect of forensic investigations?
A. The independence of the investigator
B. Timely intervention
C. Identifying the perpetrator
D. Chain of custody
عرض الإجابة
اجابة صحيحة: B
السؤال #14
When supporting a large corporation’s board of directors in the development of governance, which of the following is the PRIMARY function of the information security manager?
A. Gaining commitment of senior management
B. Preparing the security budget
C. Providing advice and guidance
D. Developing a balanced scorecard
عرض الإجابة
اجابة صحيحة: C
السؤال #15
Which of the following is the BEST way to facilitate the alignment between an organization’s information security program and business objectives?
A. Information security is considered at the feasibility stage of all IT projects
B. The information security governance committee includes representation from key business areas
C. The chief executive officer reviews and approves the information security program
D. The information security program is audited by the internal audit department
عرض الإجابة
اجابة صحيحة: B
السؤال #16
When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?
A. Ensuring accessibility should a disaster occur
B. Versioning control as plans are modified
C. Broken hyperlinks to resources stored elsewhere
D. Tracking changes in personnel and plan assets
عرض الإجابة
اجابة صحيحة: D
السؤال #17
Senior management commitment and support will MOST likely be offered when the value of information security governance is presented from a:
A. threat perspective
B. compliance perspective
C. risk perspective
D. policy perspective
عرض الإجابة
اجابة صحيحة: D
السؤال #18
Minimum standards for securing the technical infrastructure should be defined in a security:
A. strategy
B. guidelines
C. model
D. architecture
عرض الإجابة
اجابة صحيحة: D
السؤال #19
Which of the following is an example of a corrective control? A. Diverting incoming traffic upon responding to the denial of service (DoS) attack
B. Filtering network traffic before entering an internal network from outside
C. Examining inbound network traffic for viruses
D. Logging inbound network traffic
عرض الإجابة
اجابة صحيحة: D
السؤال #20
Which of the following is the BEST mechanism to determine the effectiveness of the incident response process?
A. Incident response metrics
B. Periodic auditing of the incident response process
C. Action recording and review
D. Post incident review
عرض الإجابة
اجابة صحيحة: A
السؤال #21
Which of the following would be MOST appropriate for collecting and preserving evidence?
A. Encrypted hard drives
B. Generic audit software
C. Proven forensic processes
D. Log correlation software
عرض الإجابة
اجابة صحيحة: C
السؤال #22
Which of the following has the highest priority when defining an emergency response plan? Real 290 Isaca CISM Exam A. Critical data
B. Critical infrastructure
C. Safety of personnel
D. Vital records
عرض الإجابة
اجابة صحيحة: A
السؤال #23
A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?
A. Investigate alternative options to remediate the noncompliance
B. Assess the business impact to the organization
C. Present the noncompliance risk to senior management
D. Determine the cost to remediate the noncompliance
عرض الإجابة
اجابة صحيحة: B
السؤال #24
An organization has learned of a security breach at another company that utilizes similar Real 288 Isaca CISM Exam technology. The FIRST thing the information security manager should do is:
A. assess the likelihood of incidents from the reported cause
B. discontinue the use of the vulnerable technology
C. report to senior management that the organization is not affected
D. remind staff that no similar security breaches have taken place
عرض الإجابة
اجابة صحيحة: C
السؤال #25
Real 271 Isaca CISM Exam Which of the following is MOST closely associated with a business continuity program?
A. Confirming that detailed technical recovery plans exist
B. Periodically testing network redundancy
C. Updating the hot site equipment configuration every quarter
D. Developing recovery time objectives (RTOs) for critical functions
عرض الإجابة
اجابة صحيحة: B
السؤال #26
A post-incident review should be conducted by an incident management team to determine: Real 263 Isaca CISM Exam A. relevant electronic evidence.
B. lessons learned
C. hacker's identity
D. areas affected
عرض الإجابة
اجابة صحيحة: C
السؤال #27
What is the FIRST action an information security manager should take when a company laptop is reported stolen?
A. Evaluate the impact of the information loss
B. Update the corporate laptop inventory
C. Ensure compliance with reporting procedures
D. Disable the user account immediately
عرض الإجابة
اجابة صحيحة: C
السؤال #28
The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:
A. storage capacity and shelf life
B. regulatory and legal requirements
C. business strategy and direction
D. application systems and media
عرض الإجابة
اجابة صحيحة: D
السؤال #29
What is the PRIMARY objective of a post-event review in incident response?
A. Adjust budget provisioning
B. Preserve forensic data
C. Improve the response process
D. Ensure the incident is fully documented
عرض الإجابة
اجابة صحيحة: B
السؤال #30
Which of the following is the BEST way to verify that all critical production servers are utilizing up- to- date virus signature files?
A. Verify the date that signature files were last pushed out
B. Use a recently identified benign virus to test if it is quarantined
C. Research the most recent signature file and compare to the console
D. Check a sample of servers that the signature files are current
عرض الإجابة
اجابة صحيحة: A
السؤال #31
Which of the following MOST effectively helps an organization to align information security governance with corporate governance?
A. Promoting security as enabler to achieve business objectives
B. Prioritizing security initiatives based on IT strategy
C. Adopting global security standards to achieve business goals
D. Developing security performance metrics
عرض الإجابة
اجابة صحيحة: A
السؤال #32
A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager? Real 286 Isaca CISM Exam
A. Ensure that all OS patches are up-to-date
B. Block inbound traffic until a suitable solution is found
C. Obtain guidance from the firewall manufacturer
D. Commission a penetration test
عرض الإجابة
اجابة صحيحة: B
السؤال #33
A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do? A. Run a port scan on the system
B. Disable the logon ID
C. Investigate the system logs
D. Validate the incident
عرض الإجابة
اجابة صحيحة: B
السؤال #34
Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?
A. Detailed technical recovery plans are maintained offsite Real 267 Isaca CISM Exam
B. Network redundancy is maintained through separate providers
C. Hot site equipment needs are recertified on a regular basis
D. Appropriate declaration criteria have been established
عرض الإجابة
اجابة صحيحة: C
السؤال #35
An organization enacted several information security policies to satisfy regulatory requirements. Which of the following situations would MOST likely increase the probability of noncompliance to these requirements?
A. Inadequate buy-in from system owners to support the policies
B. Availability of security policy documents on a public website
C. Lack of training for end users on security policies
D. Lack of an information security governance framework
عرض الإجابة
اجابة صحيحة: A
السؤال #36
Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:
A. conducts frequent reviews of the security policy
B. has established relationships with external professionals
C. has a clearly defined charter and meeting protocols
D. includes a mix of members from all levels of management
عرض الإجابة
اجابة صحيحة: D
السؤال #37
Which of the following is the PRIMARY reason an information security strategy should be deployed across an organization?
A. To ensure that the business complies with security regulations
B. To ensure that management's intent is reflected in security activities
C. To ensure that employees adhere to security standards
D. To ensure that security-related industry best practices are adopted
عرض الإجابة
اجابة صحيحة: A
السؤال #38
What is the BEST method for mitigating against network denial of service (DoS) attacks?
A. Ensure all servers are up-to-date on OS patches
B. Employ packet filtering to drop suspect packets
C. Implement network address translation to make internal addresses nonroutable
D. Implement load balancing for Internet facing devices
عرض الإجابة
اجابة صحيحة: A
السؤال #39
Which of the following is MOST critical for an effective information security governance framework?
A. Board members are committed to the information security program
B. Information security policies are reviewed on a regular basis
C. The information security program is continually monitored
D. The CIO is accountable for the information security program
عرض الإجابة
اجابة صحيحة: A
السؤال #40
Who is ultimately responsible for the organization's information?
A. Data custodian
B. Chief information security officer (CISO) Board of directors
E. Chief information officer (CIO)
عرض الإجابة
اجابة صحيحة: C
السؤال #41
When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
A. aligned with the IT strategic plan
B. based on the current rate of technological change
C. three-to-five years for both hardware and software
D. aligned with the business strategy
عرض الإجابة
اجابة صحيحة: D
السؤال #42
Which of the following would BEST enable integration of information security governance into corporate governance?
A. Ensuring appropriate business representation on the information security steering committee
B. Using a balanced scorecard to measure the performance of the information security strategy
C. Implementing IT governance, risk and compliance (IT GRC) dashboards
D. Having the CIO chair the information security steering committee
عرض الإجابة
اجابة صحيحة: C
السؤال #43
Which of the following is a PRIMARY responsibility of the information security governance function?
A. Defining security strategies to support organizational programs
B. Ensuring adequate support for solutions using emerging technologies
C. Fostering a risk-aware culture to strengthen the information security program
D. Advising senior management on optimal levels of risk appetite and tolerance
عرض الإجابة
اجابة صحيحة: A
السؤال #44
Which of the following BEST enables effective information security governance?
A. Periodic vulnerability assessments
B. Established information security metrics
C. Advanced security technologies
D. Security-aware corporate culture
عرض الإجابة
اجابة صحيحة: D
السؤال #45
Which of the following would represent a violation of the chain of custody when a backup tape has been identified as evidence in a fraud investigation? The tape was:
A. removed into the custody of law enforcement investigators
B. kept in the tape library' pending further analysis
C. sealed in a signed envelope and locked in a safe under dual control
D. handed over to authorized independent investigators
عرض الإجابة
اجابة صحيحة: C
السؤال #46
Which of the following should be the FIRST step in developing an information security plan?
A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness
عرض الإجابة
اجابة صحيحة: B
السؤال #47
Which of the following is MOST helpful for aligning security operations with the IT governance framework?
A. Information security policy
B. Security risk assessment
C. Security operations program
D. Business impact analysis (BIA)
عرض الإجابة
اجابة صحيحة: A
السؤال #48
Which of the following should an information security manager do FIRST after learning about a new regulation that affects the organization?
A. Evaluate the changes with legal counsel
B. Notify the affected business units
C. Assess the noncompliance risk
D. Inform senior management of the new regulation
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: