
Question #1
An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:
A. mitigate the impact by purchasing insurance
B. implement a circuit-level firewall to protect the network
C. increase the resiliency of security measures in place
D. implement a real-time intrusion detection system
Correct answer: B
Question #2
What is the MAIN risk when there is no user management representation on the Information Security Steering Committee?
A. Functional requirements are not adequately considered
B. User training programs may be inadequate
C. Budgets allocated to business units are not appropriate
D. Information security plans are not aligned with business requirements
Correct answer: A
Question #3
The MAIN goal of an information security strategic plan is to:
A. develop a risk assessment plan
B. develop a data protection plan
C. protect information assets and resources
D. establish security governance
Correct answer: B
Question #4
In assessing risk, it is MOST essential to:
A. provide equal coverage for all asset types
B. use benchmarking data from similar organizations
C. consider both monetary value and likelihood of loss
D. focus primarily on threats and recent business losses
Correct answer: C
Question #5
Which of the following is the MOST important consideration when implementing an intrusion detection system (IDS)?
A. Tuning
B. Patching
C. Encryption
D. Packet filtering
Correct answer: A
Question #6
The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for:
A. determining the scope for inclusion in an information security program
B. defining the level of access controls
C. justifying costs for information resources
D. determining the overall budget of an information security program
Correct answer: A
Question #7
The MOST effective use of a risk register is to:
A. identify risks and assign roles and responsibilities for mitigation
B. identify threats and probabilities
C. facilitate a thorough review of all IT-related risks on a periodic basis
D. record the annualized financial amount of expected losses due to risks
Correct answer: B
Question #8
How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?
A. Give organization standards preference over local regulations
B. Follow local regulations only
C. Make the organization aware of those standards where local regulations cause conflicts
D. Negotiate a local version of the organization standards
Correct answer: A
Question #9
An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:
A. performance measurement
B. integration
C. alignment
D. value delivery
Correct answer: C
Question #10
Which of the following roles would represent a conflict of interest for an information security manager?
A. Evaluation of third parties requesting connectivity
B. Assessment of the adequacy of disaster recovery plans
C. Final approval of information security policies
D. Monitoring adherence to physical security controls
Correct answer: A
Question #11
Acceptable risk is achieved when:
A. residual risk is minimized
B. transferred risk is minimized
C. control risk is minimized
D. inherent risk is minimized
Correct answer: D
Question #12
Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
A. it implies compliance risks
B. short-term impact cannot be determined
C. it violates industry security practices
D. changes in the roles matrix cannot be detected
Correct answer: B
Question #13
When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?
A. Evaluate productivity losses
B. Assess the impact of confidential data disclosure
C. Calculate the value of the information or asset
D. Measure the probability of occurrence of each threat
Correct answer: C
Question #14
Which of the following is the MOST important element of an information security strategy?
A. Defined objectives
B. Time frames for delivery
C. Adoption of a control framework
D. Complete policies
Correct answer: A
Question #15
When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:
A. an adequate budget for the security program
B. recruitment of technical IT employees
C. periodic risk assessments
D. security awareness training for employees
Correct answer: C
Question #16
Nonrepudiation can BEST be ensured by using:
A. strong passwords
B. a digital hash
C. symmetric encryption
D. digital signatures
Correct answer: C
Question #17
An organization's information security strategy should be based on:
A. managing risk relative to business objectives
B. managing risk to a zero level and minimizing insurance premiums
C. avoiding occurrence of risks so that insurance is not required
D. transferring most risks to insurers and saving on control costs
Correct answer: A
Question #18
An information security manager has been assigned to implement more restrictive preventive controls. By doing so, the net effect will be to PRIMARILY reduce the:
A. threat
B. loss
C. vulnerability
D. probability
Correct answer: C
Question #19
Who can BEST advocate the development of and ensure the success of an information security program?
A. Internal auditor
B. Chief operating officer (COO)
C. Steering committee
D. IT management
Correct answer: D
Question #20
A digital signature using a public key infrastructure (PKI) will:
A. not ensure the integrity of a message
B. rely on the extent to which the certificate authority (CA) is trusted
C. require two parties to the message exchange
D. provide a high level of confidentiality
Correct answer: B
Question #21
All risk management activities are PRIMARILY designed to reduce impacts to:
A. a level defined by the security manager
B. an acceptable level based on organizational risk tolerance
C. a minimum level consistent with regulatory requirements
D. the minimum level possible
Correct answer: C
Question #22
The MOST important factor in ensuring the success of an information security program is effective:
A. communication of information security requirements to all users in the organization
B. formulation of policies and procedures for information security
C. alignment with organizational goals and objectives
D. monitoring compliance with information security policies and procedures
Correct answer: A
Question #23
The PRIMARY objective of a security steering group is to:
A. ensure information security covers all business functions
B. ensure information security aligns with business goals
C. raise information security awareness across the organization
D. implement all decisions on security management across the organization
Correct answer: B
Question #24
An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage cross-training. Which type of authorization policy would BEST address this practice?
A. Multilevel
B. Role-based
C. Discretionary
D. Attribute-based
Correct answer: B
Question #25
Identification and prioritization of business risk enables project managers to:
A. establish implementation milestones
B. reduce the overall amount of slack time
C. address areas with most significance
D. accelerate completion of critical paths
Correct answer: B
Question #26
The MAIN advantage of implementing automated password synchronization is that it:
A. reduces overall administrative workload
B. increases security between multi-tier systems
C. allows passwords to be changed less frequently
D. reduces the need for two-factor authentication
Correct answer: A
Question #27
The MOST important reason for conducting periodic risk assessments is because:
A. risk assessments are not always precise
B. security risks are subject to frequent change
C. reviewers can optimize and reduce the cost of controls
D. it demonstrates to senior management that the security function can add value
Correct answer: D
