Question #1
An organization's recent risk assessment has identified many areas of security risk, and senior management has asked for a five-minute overview of the assessment results. Which of the following is the information security manager's BEST option for presenting this information?
A. Risk register
B. Risk heat map
C. Spider diagram
D. Balanced scorecard
Correct answer: B
Question #2
What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?
A. Agreeing on baseline values for the metrics
B. Developing a dashboard for communicating the metrics
C. Providing real-time insight on the security posture of the organization
D. Benchmarking the expected value of the metrics against industry standards
Correct answer: A
Question #3
Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager’s most important action is to:
A. provide senior management with risk treatment options
B. design and implement controls to reduce the risk
C. consult external third parties on how to treat the risk
D. ensure that employees are aware of the risk
Correct answer: A
Question #4
Which of the following is MOST important to consider when prioritizing threats during the risk assessment process?
A. The criticality of threatened systems
B. The severity of exploited vulnerabilities
C. The potential impact on operations
D. The capability of threat actors
Correct answer: A
Question #5
Which of the following should be the PRIMARY consideration for an information security manager when designing security controls for a newly acquired business application?
A. Known vulnerabilities in the application
B. The IT security architecture framework
C. Cost-benefit analysis of current controls
D. Business processes supported by the application
Correct answer: C
Question #6
A PRIMARY purpose of creating security policies is to:
A. implement management’s governance strategy
B. establish the way security tasks should be executed
C. communicate management’s security expectations
D. define allowable security boundaries
Correct answer: B
Question #7
Which of the following is the BEST indicator of a successful external intrusion into computer systems?
A. Unexpected use of protocols within the DMZ
B. Unexpected increase of malformed URLs
C. Decrease in the number of login failures
D. Spikes in the number of login failures
Correct answer: A
Question #8
In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:
A. develop an operational plan for achieving compliance with the legislation
B. identify systems and processes that contain privacy components
C. restrict the collection of personal information until compliant
D. identify privacy legislation in other countries that may contain similar requirements
Correct answer: B
Question #9
Which of the following should be PRIMARILY included in a security training program for business process owners?
A. Impact of security risks
B. Application vulnerabilities
C. Application recovery time
D. List of security incidents reported
Correct answer: A
Question #10
Which of the following guarantees that data in a file have not changed?
A. Inspecting the modified date of the file
B. Encrypting the file with symmetric encryption
C. Using stringent access control to prevent unauthorized access
D. Creating a hash of the file, then comparing the file hashes
Correct answer: D
Question #11
Implementing a strong password policy is part of an organization’s information security strategy for the year. A business unit believes the strategy may adversely affect a client’s adoption of a recently developed mobile application and has decided not to implement the policy. Which of the following is the information security manager’s BEST course of action?
A. Analyze the risk and impact of not implementing the policy
B. Develop and implement a password policy for the mobile application
C. Escalate non-implementation of the policy to senior management
D. Benchmark with similar mobile applications to identify gaps
Correct answer: C
Question #12
An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of:
A. eliminating the risk
B. transferring the risk
C. mitigating the risk
Correct answer: C
Question #13
Which of the following is the MOST effective approach for integrating security into application development?
A. Defining security requirements
B. Performing vulnerability scans
C. Including security in user acceptance testing sign-off
D. Developing security models in parallel
Correct answer: A
Question #14
Which of the following is the MOST effective method of preventing deliberate internal security breaches?
A. Screening prospective employees
B. Well-designed firewall system
C. Well-designed intrusion detection system (IDS)
D. Biometric security access control
Correct answer: B
Question #15
Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?
A. Defining job roles
B. Performing a risk assessment
C. Identifying data owners
D. Establishing data retention policies
Correct answer: C
Question #16
Which of the following would provide senior management with the BEST information to better understand the organization’s information security risk profile?
A. Scenarios that impact business operations
B. Scenarios that disrupt client services
C. Scenarios that impact business goals
D. Scenarios that have a monetary impact
Correct answer: C
Question #17
Risk assessment should be conducted on a continuing basis because:
A. controls change on a continuing basis
B. the number of hacking incidents is increasing
C. management should be updated about changes in risk
D. factors that affect information security change
Correct answer: A
Question #18
Which of the following is the MOST important action when using a web application that has recognized vulnerabilities?
A. Deploy an application firewall
B. Deploy host-based intrusion detection
C. Install anti-spyware software
D. Monitor application level logs
Correct answer: A
Question #19
The MAIN advantage of implementing automated password synchronization is that it:
A. reduces overall administrative workload
B. increases security between multi-tier systems
C. allows passwords to be changed less frequently
D. reduces the need for two-factor authentication
Correct answer: A
Question #20
An inexperienced information security manager is relying on its internal audit department to design and implement key security controls. Which of the following is the GREATEST risk?
A. Inadequate implementation of controls
B. Conflict of interest
C. Violation of the audit charter
D. Inadequate audit skills
Correct answer: B
Question #21
A PRIMARY advantage of involving business management in evaluating and managing information security risks is that they:
A. better understand organizational risks
B. can balance technical and business risks
C. are more objective than security management
D. better understand the security architecture
Correct answer: B
Question #22
Deciding the level of protection a particular asset should be given is BEST determined by:
A. a threat assessment
B. a vulnerability assessment
C. a risk analysis
D. the corporate risk appetite
Correct answer: C
Question #23
Which of the following is the BEST course of action for the information security manager when residual risk is above the acceptable level of risk?
A. Perform a cost-benefit analysis
B. Recommend additional controls
C. Carry out a risk assessment
D. Defer to business management
Correct answer: B
Question #24
Which of the following is MOST important to consider when developing a disaster recovery plan?
A. Business continuity plan (BCP)
B. Business impact analysis (BIA)
C. Cost-benefit analysis
D. Feasibility assessment
Correct answer: B
Question #25
Which of the following BEST validates that security controls are implemented in a new business process?
A. Assess the process according to information security policy
B. Benchmark the process against industry practices
C. Verify the use of a recognized control framework
D. Review the process for conformance with information security best practices
Correct answer: A
Question #26
An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage cross training. Which type of authorization policy would BEST address this practice?
A. Multilevel
B. Role-based
C. Discretionary
D. Attribute-based
Correct answer: B
Question #27
A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy. The information security manager should FIRST:
A. evaluate a third-party solution
B. deploy additional security controls
C. evaluate the business risk
D. initiate an exception approval process
Correct answer: C
Question #28
Which of the following contributes MOST to the effective implementation of an information security strategy?
A. Reporting of security metrics
B. Regular security awareness training
C. Endorsement by senior management
D. Implementation of security standards
Correct answer: C
Question #29
An organization with a strict need-to-know information access policy is about to launch a knowledge management intranet. Which of the following is the MOST important activity to ensure compliance with existing security policies?
A. Develop a control procedure to check content before it is published
B. Change organization policy to allow wider use of the new web site
C. Ensure that access to the web site is limited to senior managers and the board
D. Password-protect documents that contain confidential information
Correct answer: A
Question #30
The contribution of recovery point objective (RPO) to disaster recovery is to:
A. define backup strategy
B. eliminate single points of failure
C. reduce mean time between failures (MTBF)
D. minimize outage period
Correct answer: D
Question #31
After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?
A. Information security officer
B. Chief information officer (CIO)
C. Business owner
D. Chief executive officer (CEO)
Correct answer: C
Question #32
Which of the following is the MOST important reason for an information security review of contracts? To help ensure that:
A. the parties to the agreement can perform
B. confidential data are not included in the agreement
C. appropriate controls are included
D. the right to audit is a requirement
Correct answer: C
Question #33
Which of the following provides the GREATEST assurance that information security is addressed in change management?
A. Performing a security audit on changes
B. Providing security training for change advisory board
C. Requiring senior management sign-off on change management
D. Reviewing changes from a security perspective
Correct answer: D
Question #34
An organization’s outsourced firewall was poorly configured and allowed unauthorized access that resulted in downtime of 48 hours. Which of the following should be the information security manager’s NEXT course of action?
A. Reconfigure the firewall in accordance with best practices
B. Obtain supporting evidence that the problem has been corrected
C. Revisit the contract and improve accountability of the service provider
D. Seek damages from the service provider
Correct answer: B
Question #35
Conflicting objectives are MOST likely to compromise the effectiveness of the information security process when information security management is:
A. reporting to the network infrastructure manager
B. outside of information technology
C. partially staffed by external security consultants
D. combined with the change management function
Correct answer: D
Question #36
Risk management is MOST cost-effective:
A. when performed on a continuous basis
B. while developing the business case for the security program
C. at the beginning of security program development
D. when integrated into other corporate assurance functions
Correct answer: D
Question #37
Which of the following is the GREATEST risk of single sign-on?
A. It is a single point of failure for an enterprise access control process
B. Password carelessness by one user may render the entire infrastructure vulnerable
C. Integration of single sign-on with the rest of the infrastructure is complicated
D. One administrator maintains the single sign-on solutions without segregation of duty
Correct answer: A
Question #38
Vulnerability scanning has detected a critical risk in a vital business application. Which of the following should the information security manager do FIRST?
A. Report the business risk to senior management
B. Confirm the risk with the business owner
C. Update the risk register
D. Create an emergency change request
Correct answer: B
Question #39
Information security awareness programs are MOST effective when they are:
A. customized for each target audience
B. sponsored by senior management
C. reinforced by computer-based training
D. conducted at employee orientation
Correct answer: A
Question #40
Which of the following is the BEST method for determining whether new risks exist in legacy applications?
A. Regularly scheduled risk assessments
B. Automated vulnerability scans
C. Third-party penetration testing
D. Frequent updates to the risk register
Correct answer: A
Question #41
When configuring a biometric access control system that protects a high-security data center, the system's sensitivity level should be set:
A. to a higher false reject rate (FRR)
B. to a lower crossover error rate
C. to a higher false acceptance rate (FAR)
D. exactly to the crossover error rate
Correct answer: A
Question #42
Which of the following is the PRIMARY goal of a risk management program?
A. Implement preventive controls against threats
B. Manage the business impact of inherent risks
C. Manage compliance with organizational policies
D. Reduce the organization’s risk appetite
Correct answer: B
Question #43
Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise’s security management framework?
A. To determine the desired state of enterprise security
B. To establish the minimum level of controls needed
C. To satisfy auditors’ recommendations for enterprise security
D. To ensure industry best practices for enterprise security are followed
Correct answer: A
Question #44
An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers and maintaining all core business functions in-house. The information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?
A. Multi-factor login requirements for cloud service applications, timeouts, and complex passwords
B. Deployment of nested firewalls within the infrastructure
C. Separate security controls for applications, platforms, programs, and endpoints
D. Strict enforcement of role-based access control (RBAC)
Correct answer: C
Question #45
Which of the following would provide the MOST effective security outcome in an organization’s contract management process?
A. Extending security assessment to include random penetration testing
B. Extending security assessment to cover asset disposal on contract termination
C. Performing vendor security benchmark analyses at the request-for-proposal stage
D. Ensuring security requirements are defined at the request-for-proposal stage
Correct answer: C
Question #46
When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?
A. Assess vulnerabilities
B. Manage the impact
C. Evaluate potential threats
D. Identify unacceptable risk levels
Correct answer: D
Question #47
Which of the following BEST describes a buffer overflow?
A. A program contains a hidden and unintended function that presents a security risk
B. A type of covert channel that captures data
C. Malicious code designed to interfere with normal operations
D. A function is carried out with more data than the function can handle
Correct answer: D
Question #48
Which of the following trends would be of GREATEST concern when reviewing the performance of an organization’s intrusion detection systems (IDS)?
A. Decrease in false negatives
B. Increase in false positives
C. Decrease in false positives
D. Increase in false negatives
Correct answer: D
Question #49
What is the role of the information security manager in finalizing contract negotiations with service providers?
A. To update security standards for the outsourced process
B. To ensure that clauses for periodic audits are included
C. To obtain a security standard certification from the provider
D. To perform a risk analysis on the outsourcing process
Correct answer: A
Question #50
Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?
A. Internal reporting channels
B. Accountability for security functions
C. Scheduled security assessments
D. Regular reviews of computer system logs
Correct answer: A
Question #51
When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
A. Risk management
B. Change management
C. Access control management
D. Configuration management
Correct answer: A
Question #52
Which of the following is MOST important for an information security manager to ensure when evaluating change requests?
A. Requests are approved by process owners
B. Requests add value to the business
C. Residual risk is within risk tolerance
D. Contingency plans have been created
Correct answer: D
Question #53
When developing a disaster recovery plan, which of the following would be MOST helpful in prioritizing the order in which systems should be recovered?
A. Performing a business impact analysis (BIA)
B. Measuring the volume of data in each system
C. Reviewing the information security policy
D. Reviewing the business strategy
Correct answer: A
Question #54
The objective of risk management is to reduce risk to the minimum level that is:
A. compliant with security policies
B. practical given industry and regulatory environments
C. achievable from technical and financial perspectives
D. acceptable given the preference of the organization
Correct answer: A
Question #55
Which is the BEST way for an organization to monitor security risk?
A. Analyzing key performance indicators (KPIs)
B. Using external risk intelligence services
C. Using a dashboard to assess vulnerabilities
D. Analyzing key risk indicators (KRIs)
Correct answer: D
Question #56
Which of the following BEST protects against web-based cross-domain attacks?
A. Database hardening
B. Application controls
C. Network addressing scheme
D. Encryption controls
Correct answer: B
Question #57
When supporting an organization’s privacy officer, which of the following is the information security manager’s PRIMARY role regarding privacy requirements?
A. Monitoring the transfer of private data
B. Conducting privacy awareness programs
C. Ensuring appropriate controls are in place
D. Determining data classification
Correct answer: C
Question #58
Which of the following is the MOST significant advantage of developing a well-defined information security strategy?
A. Support for buy-in from organizational employees
B. Allocation of resources to highest priorities
C. Prevention of deviations from risk tolerance thresholds
D. Increased maturity of incident response processes
Correct answer: C
Question #59
The PRIMARY advantage of involving end users in continuity planning is that they:
A. are more objective than information security management
B. can balance the technical and business risks
C. have a better understanding of specific business needs
D. can see the overall impact to the business
Correct answer: B
Question #60
When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?
A. Provide security training for developers
B. Prepare detailed acceptance criteria
C. Adhere to change management processes
D. Perform a security gap analysis
Correct answer: B
Question #61
Which of the following is the GREATEST benefit of integrating information security program requirements into vendor management?
A. The ability to reduce risk in the supply chain
B. The ability to meet industry compliance requirements
C. The ability to define service level agreements (SLAs)
D. The ability to improve vendor performance
Correct answer: A
Question #62
Which of the following is the MOST important function of information security?
A. Managing risk to the organization
B. Reducing the financial impact of security breaches
C. Identifying system vulnerabilities
D. Preventing security incidents
Correct answer: A
Question #63
Threat and vulnerability assessments are important PRIMARILY because they are:
A. needed to estimate risk
B. the basis for setting control objectives
C. elements of the organization’s security posture
D. used to establish security investments
Correct answer: A