Question #1
Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?
A. Certificate-based authentication of web client
B. Certificate-based authentication of web server
C. Data confidentiality between client and web server
D. Multiple encryption algorithms
Correct answer: B
Question #2
Security audit reviews should PRIMARILY:
A. ensure that controls operate as required
B. ensure that controls are cost-effective
C. focus on preventive control
D. ensure controls are technologically current
Correct answer: D
Question #3
Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
A. More uniformity in quality of service
B. Better adherence to policies
C. Better alignment to business unit needs
D. More savings in total operating costs
Correct answer: B
Question #4
Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?
A. Applying patches
B. Changing access rules
C. Upgrading hardware
D. Backing up files
Correct answer: D
Question #5
The security responsibility of data custodians in an organization will include:
A. assuming overall protection of information asset
B. determining data classification level
C. implementing security controls in products they install
D. ensuring security measures are consistent with policy
Correct answer: C
Question #6
The MOST important function of a risk management program is to:
A. quantify overall risk
B. minimize residual risk
C. eliminate inherent risk
D. maximize the sum of all annualized loss expectancies (ALEs)
Correct answer: C
Question #7
The cost of implementing a security control should not exceed the:
A. annualized loss expectancy
B. cost of an incident
C. asset value
D. implementation opportunity cost
Correct answer: D
Question #8
After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be derived. The information security manager should recommend to business management that the risk be:
A. transferred
B. treated
C. accepted
D. terminated
Correct answer: B
Question #9
Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?
A. Never use open source tools
B. Focus only on production servers
C. Follow a linear process for attacks
D. Do not interrupt production processes
Correct answer: D
Question #10
Topic 5: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
A. Identify unmitigated risk
B. Prevent incident recurrence
C. Evaluate the security posture of the organization
D. Support business investments in security
Correct answer: B
Question #11
The value of information assets is BEST determined by:
A. individual business manager
B. business systems analyst
C. information security management
D. industry averages benchmarking
Correct answer: B
Question #12
Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?
A. Business impact analysis (BIA)
B. Penetration testing
C. Audit and review
D. Threat analysis
Correct answer: B
Question #13
Topic 5: A measure of the effectiveness of the incident response capabilities of an organization is the:
A. time to closure of incidents
B. number of employees receiving incident response training
C. reduction of the annual loss expectancy (ALE)
D. number of incidents detected
Correct answer: C
Question #14
A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:
A. it simulates the real-life situation of an external security attack
B. human intervention is not required for this type of test
C. less time is spent on reconnaissance and information gathering
D. critical infrastructure information is not revealed to the tester
Correct answer: C
Question #15
The configuration management plan should PRIMARILY be based upon input from:
A. business process owner
B. the information security manager
C. the security steering committee
D. IT senior management
Correct answer: C
Question #16
The criticality and sensitivity of information assets is determined on the basis of:
A. threat assessment
B. vulnerability assessment
C. resource dependency assessment
D. impact assessment
Correct answer: B
Question #17
Information security should be:
A. focused on eliminating all risk
B. a balance between technical and business requirements
C. driven by regulatory requirement
D. defined by the board of directors
Correct answer: B
Question #18
On a company's e-commerce web site, a good legal statement regarding data privacy should include:
A. a statement regarding what the company will do with the information it collects
B. a disclaimer regarding the accuracy of information on its web site
C. technical information regarding how information is protected
D. a statement regarding where the information is being hosted
Correct answer: C
Question #19
Topic 5: Which of the following is MOST important to ensuring that incident management plans are executed effectively?
A. An incident response maturity assessment has been conducted
B. A reputable managed security services provider has been engaged
C. The incident response team has the appropriate training
D. Management support and approval has been obtained
Correct answer: A
Question #20
Topic 5: Which of the following should be determined FIRST when establishing a business continuity program?
A. Cost to rebuild information processing facilities
B. Incremental daily cost of the unavailability of systems
C. Location and cost of offsite recovery facilities
D. Composition and mission of individual recovery teams
Correct answer: B
Question #21
To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:
A. end user
B. legal counsel
C. operational unit
D. audit management
Correct answer: A
Question #22
The BEST way to justify the implementation of a single sign-on (SSO) product is to use:
A. return on investment (ROI)
B. a vulnerability assessment
C. annual loss expectancy (ALE)
D. a business case
Correct answer: C
Question #23
Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:
A. policy
B. strategy
C. guideline
D. baseline
Correct answer: D
Question #24
Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers?
A. Batch patches into frequent server updates
B. Initially load the patches on a test machine
C. Set up servers to automatically download patches
D. Automatically push all patches to the servers
Correct answer: A
Question #25
To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:
A. set their accounts to expire in six months or less
B. avoid granting system administration role
C. ensure they successfully pass background check
D. ensure their access is approved by the data owner
Correct answer: D
Question #26
The BEST way to ensure that an external service provider complies with organizational security policies is to:
A. Explicitly include the service provider in the security policies
B. Receive acknowledgment in writing stating the provider has read all policies
C. Cross-reference to policies in the service level agreement
D. Perform periodic reviews of the service provider
Correct answer: D
Question #27
Topic 5: Which of the following should be an information security manager's MOST important criterion for determining when to review the incident response plan?
A. When missing information impacts recovery from an incident
B. At intervals indicated by industry best practice
C. Before an internal audit of the incident response process
D. When recovery time objectives (RTOs) are not met
Correct answer: B
Question #28
An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RFP) is the:
A. references from other organizations
B. past experience of the engagement team
C. sample deliverable
D. methodology used in the assessment
Correct answer: C
Question #29
Topic 5: The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:
A. is not collecting logs from relevant devices
B. has not been updated with the latest patches
C. is hosted by a cloud service provider
D. has performance issues
Correct answer: A
