Question #1
Which of the following is MOST appropriate for inclusion in an information security strategy?
A. Business controls designated as key controls
B. Security processes, methods, tools and techniques
C. Firewall rule sets, network defaults and intrusion detection system (IDS) settings
D. Budget estimates to acquire specific security tools
Correct answer: B

Question #2
Which of the following measures is the MOST effective deterrent against disgruntled staff abusing their privileges?
A. Layered defense strategy
B. System audit log monitoring
C. Signed acceptable use policy
D. High-availability systems
Correct answer: C

Question #3
To determine the selection of controls required to meet business objectives, an information security manager should:
A. prioritize the use of role-based access controls
B. focus on key controls
C. restrict controls to only critical applications
D. focus on automated controls
Correct answer: C

Question #4
For virtual private network (VPN) access to the corporate network, the information security manager is requiring strong authentication. Which of the following is the strongest method to ensure that logging onto the network is secure?
A. Biometrics
B. Symmetric encryption keys
C. Secure Sockets Layer (SSL)-based authentication
D. Two-factor authentication
Correct answer: B

Question #5
Which of the following would be the BEST defense against sniffing?
A. Password protect the files
B. Implement a dynamic IP address scheme
C. Encrypt the data being transmitted
D. Set static mandatory access control (MAC) addresses
Correct answer: D

Question #6
To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:
A. revise the information security program
B. evaluate a balanced business scorecard
C. conduct regular user awareness sessions
D. perform penetration tests
Correct answer: A

Question #7
An organization's operations staff places payment files in a shared network folder and then the disbursement staff picks up the files for payment processing. This manual intervention will be automated some months later, thus cost-efficient controls are sought to protect against file alterations. Which of the following would be the BEST solution?
A. Design a training program for the staff involved to heighten information security awareness
B. Set role-based access permissions on the shared folder
C. The end user develops a PC macro program to compare sender and recipient file contents
D. Shared folder operators sign an agreement to pledge not to commit fraudulent activities
Correct answer: B

Question #8
An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution?
A. Rewrite the application to conform to the upgraded operating system
B. Compensate for not installing the patch with mitigating controls
C. Alter the patch to allow the application to run in a privileged state
D. Run the application on a test platform; tune production to allow patch and application
Correct answer: A

Question #9
The MOST effective use of a risk register is to:
A. identify risks and assign roles and responsibilities for mitigation
B. identify threats and probabilities
C. facilitate a thorough review of all IT-related risks on a periodic basis
D. record the annualized financial amount of expected losses due to risks
Correct answer: B

Question #10
On which of the following should a firewall be placed?
A. Web server
B. Intrusion detection system (IDS) server
C. Screened subnet
D. Domain boundary
Correct answer: A

Question #11
Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?
A. Log all account usage and send it to their manager
B. Establish predetermined automatic expiration dates
C. Require managers to e-mail security when the user leaves
D. Ensure each individual has signed a security acknowledgement
Correct answer: B

Question #12
In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
A. Implementing on-screen masking of passwords
B. Conducting periodic security awareness programs
C. Increasing the frequency of password changes
D. Requiring that passwords be kept strictly confidential
Correct answer: B

Question #13
At what stage of the applications development process would encryption key management initially be addressed?
A. Requirements development
B. Deployment
C. Systems testing
D. Code reviews
Correct answer: A

Question #14
Which of the following is the MOST important reason why information security objectives should be defined?
A. Tool for measuring effectiveness
B. General understanding of goals
C. Consistency with applicable standards
D. Management sign-off and support initiatives
Correct answer: B

Question #15
Which of the following should be determined FIRST when establishing a business continuity program?
A. Cost to rebuild information processing facilities
B. Incremental daily cost of the unavailability of systems
C. Location and cost of offsite recovery facilities
D. Composition and mission of individual recovery teams
Correct answer: C

Question #16
Which of the following mechanisms is the MOST secure way to implement a secure wireless network?
A. Filter media access control (MAC) addresses
B. Use a Wi-Fi Protected Access (WPA2) protocol
C. Use a Wired Equivalent Privacy (WEP) key
D. Web-based authentication
Correct answer: A

Question #17
When an emergency security patch is received via electronic mail, the patch should FIRST be:
A. loaded onto an isolated test machine
B. decompiled to check for malicious code
C. validated to ensure its authenticity
D. copied onto write-once media to prevent tampering
Correct answer: C

Question #18
Data owners will determine what access and authorizations users will have by:
A. delegating authority to data custodian
B. cloning existing user accounts
C. determining hierarchical preferences
D. mapping to business needs
Correct answer: A

Question #19
Which of the following actions should be taken when an online trading company discovers a network attack in progress?
A. Shut off all network access points
B. Dump all event logs to removable media
C. Isolate the affected network segment
D. Enable trace logging on all events
Correct answer: B

Question #20
Which of the following is MOST effective in protecting against the attack technique known as phishing?
A. Firewall blocking rules
B. Up-to-date signature files
C. Security awareness training
D. Intrusion detection monitoring
Correct answer: D

Question #21
Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
A. System analyst
B. Quality control manager
C. Process owner
D. Information security manager
Correct answer: A

Question #22
Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?
A. Adequate security policies and procedures
B. Periodic compliance reviews
C. Security steering committees
D. Security awareness campaigns
Correct answer: B

Question #23
Which of the following is the BEST method to securely transfer a message?
A. Password-protected removable media
B. Facsimile transmission in a secured room
C. Using public key infrastructure (PKI) encryption
D. Steganography
Correct answer: C

Question #24
The MOST appropriate role for senior management in supporting information security is the:
A. evaluation of vendors offering security products
B. assessment of risks to the organization
C. approval of policy statements and funding
D. monitoring adherence to regulatory requirements
Correct answer: C

Question #25
At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor's hot site facility?
A. Erase data and software from devices
B. Conduct a meeting to evaluate the test
C. Complete an assessment of the hot site provider
D. Evaluate the results from all test scripts
Correct answer: C

Question #26
The MAIN goal of an information security strategic plan is to:
A. develop a risk assessment plan
B. develop a data protection plan
C. protect information assets and resources
D. establish security governance
Correct answer: C

Question #27
Which of the following is MOST important for a successful information security program?
A. Adequate training on emerging security technologies
B. Open communication with key process owners
C. Adequate policies, standards and procedures
D. Executive management commitment
Correct answer: A

Question #28
Nonrepudiation can BEST be ensured by using:
A. strong passwords
B. a digital hash
C. symmetric encryption
D. digital signatures
Correct answer: D

Question #29
A test plan to validate the security controls of a new system should be developed during which phase of the project?
A. Testing
B. Initiation
C. Design
D. Development
Correct answer: B

Question #30
Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?
A. SWOT analysis
B. Waterfall chart
C. Gap analysis
D. Balanced scorecard
Correct answer: B

Question #31
An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?
A. Key performance indicators (KPIs)
B. Business impact analysis (BIA)
C. Gap analysis
D. Technical vulnerability assessment
Correct answer: D

Question #32
In the process of deploying a new e-mail system, an information security manager would like to ensure the confidentiality of messages while in transit. Which of the following is the MOST appropriate method to ensure data confidentiality in a new e-mail system implementation?
A. Encryption
B. Digital certificate
C. Digital signature
D. Hashing algorithm
Correct answer: C

Question #33
Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?
A. Patch management
B. Change management
C. Security baselines
D. Acquisition management
Correct answer: D

Question #34
What is an appropriate frequency for updating operating system (OS) patches on production servers?
A. During scheduled rollouts of new applications
B. According to a fixed security patch management schedule
C. Concurrently with quarterly hardware maintenance
D. Whenever important security patches are released
Correct answer: B

Question #35
When implementing security controls, an information security manager must PRIMARILY focus on:
A. minimizing operational impacts
B. eliminating all vulnerabilities
C. usage by similar organizations
D. certification from a third party
Correct answer: D

Question #36
The PRIMARY objective of an Internet usage policy is to prevent:
A. access to inappropriate sites
B.
C. violation of copyright laws
D. disruption of Internet access
Correct answer: B

Question #37
The BEST method for detecting and monitoring a hacker's activities without exposing information assets to unnecessary risk is to utilize:
A. firewalls
C. decoy files
D. screened subnets
Correct answer: C

Question #38
Security awareness training is MOST likely to lead to which of the following?
A. Decrease in intrusion incidents
B. Increase in reported incidents
C. Decrease in security policy changes
D. Increase in access rule violations
Correct answer: B

Question #39
Priority should be given to which of the following to ensure effective implementation of information security governance?
A. Consultation
B. Negotiation
C. Facilitation
D. Planning
Correct answer: D

Question #40
In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:
A. a strong authentication
B. IP antispoofing filtering
C. network encryption protocol
D.
Correct answer: A