Question #1
The MOST important characteristic of good security policies is that they:
A. state expectations of IT management
B. state only one general security mandate
C. are aligned with organizational goals
D. govern the creation of procedures and guidelines
Correct answer: C
Question #2
On a company's e-commerce web site, a good legal statement regarding data privacy should include:
A. a statement regarding what the company will do with the information it collects
B. a disclaimer regarding the accuracy of information on its web site
C. technical information regarding how information is protected
D. a statement regarding where the information is being hosted
Correct answer: A
Question #3
The value of information assets is BEST determined by:
A. individual business managers
B. business systems analysts
C. information security management
D. industry averages benchmarking
Correct answer: A
Question #4
Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?
A. Continuous analysis, monitoring and feedback
B. Continuous monitoring of the return on security investment (ROSI)
C. Continuous risk reduction
D. Key risk indicator (KRI) setup to security management processes
Correct answer: A
Question #5
Which of the following should be determined while defining risk management strategies?
A. Risk assessment criteria
B. Organizational objectives and risk appetite
C. IT architecture complexity
D. Enterprise disaster recovery plans
Correct answer: B
Question #6
The decision as to whether a risk has been reduced to an acceptable level should be determined by:
A. organizational requirements
B. information systems requirements
C. information security requirements
D. international standards
Correct answer: A
Question #7
The PRIMARY goal in developing an information security strategy is to:
A. establish security metrics and performance monitoring
B. educate business process owners regarding their duties
C. ensure that legal and regulatory requirements are met
D. support the business objectives of the organization
Correct answer: D
Question #8
For risk management purposes, the value of an asset should be based on:
A. original cost
B. net cash flow
C. net present value
D. replacement cost
Correct answer: D
Question #9
The PRIMARY objective of a security steering group is to:
A. ensure information security covers all business functions
B. ensure information security aligns with business goals
C. raise information security awareness across the organization
D. implement all decisions on security management across the organization
Correct answer: B
Question #10
Investment in security technology and processes should be based on:
A. clear alignment with the goals and objectives of the organization
B. success cases that have been experienced in previous projects
C. best business practices
D. safeguards that are inherent in existing technology
Correct answer: A
Question #11
The MOST important factor in ensuring the success of an information security program is effective:
A. communication of information security requirements to all users in the organization
B. formulation of policies and procedures for information security
C. alignment with organizational goals and objectives
D. monitoring compliance with information security policies and procedures
Correct answer: C
Question #12
Risk acceptance is a component of which of the following?
A. Assessment
B. Mitigation
C. Evaluation
D. Monitoring
Correct answer: B
Question #13
Which of the following risks would BEST be assessed using qualitative risk assessment techniques?
A. Theft of purchased software
B. Power outage lasting 24 hours
C. Permanent decline in customer confidence
D. Temporary loss of e-mail due to a virus attack
Correct answer: C
Question #14
In implementing information security governance, the information security manager is PRIMARILY responsible for:
A. developing the security strategy
B. reviewing the security strategy
C. communicating the security strategy
D. approving the security strategy
Correct answer: A
Question #15
Which of the following is the MOST important reason for an organization to develop an information security governance program?
A. Establishment of accountability
B. Compliance with audit requirements
C. Monitoring of security incidents
D. Creation of tactical solutions
Correct answer: B
Question #16
The organization has decided to outsource the majority of the IT department with a vendor that is hosting servers in a foreign country. Of the following, which is the MOST critical security consideration?
A. Laws and regulations of the country of origin may not be enforceable in the foreign country
B. A security breach notification might get delayed due to the time difference
C. Additional network intrusion detection sensors should be installed, resulting in an additional cost
D. The company could lose physical control over the server and be unable to monitor the physical security posture of the servers
Correct answer: A
Question #17
A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?
A. Enforce the existing security standard
B. Change the standard to permit the deployment
C. Perform a risk analysis to quantify the risk
D. Perform research to propose use of a better technology
Correct answer: C
Question #18
Acceptable risk is achieved when:
A. residual risk is minimized
B. transferred risk is minimized
C. control risk is minimized
D. inherent risk is minimized
Correct answer: A
Question #19
An organization's information security strategy should be based on:
A. managing risk relative to business objectives
B. managing risk to a zero level and minimizing insurance premiums
C. avoiding occurrence of risks so that insurance is not required
D. transferring most risks to insurers and saving on control costs
Correct answer: A
Question #20
When residual risk is minimized:
A. acceptable risk is probable
B. transferred risk is acceptable
C. control risk is reduced
D. risk is transferable
Correct answer: A
Question #21
To achieve effective strategic alignment of security initiatives, it is important that:
A. Steering committee leadership be selected by rotation
B. Inputs be obtained and consensus achieved between the major organizational units
C. The business strategy be updated periodically
D. Procedures and standards be approved by all departmental heads
Correct answer: B
Question #22
Who should be responsible for enforcing access rights to application data?
A. Data owners
B. Business process owners
C. The security steering committee
D. Security administrators
Correct answer: D
Question #23
Which of the following BEST describes the scope of risk analysis?
A. Key financial systems
B. Organizational activities
C. Key systems and infrastructure
D. Systems subject to regulatory compliance
Correct answer: B
Question #24
The MOST important element in achieving executive commitment to an information security governance program is:
A. a defined security framework
B. identified business drivers
C. established security strategies
D. a process improvement model
Correct answer: B
Question #25
The MOST complete business case for security solutions is one that:
A. includes appropriate justification
B. explains the current risk profile
C. details regulatory requirements
D. identifies incidents and losses
Correct answer: A
Question #26
Which of the following is the MOST important requirement for the successful implementation of security governance?
A. Implementing a security balanced scorecard
B. Performing an enterprise-wide risk assessment
C. Mapping to organizational strategies
D. Aligning to an international security framework
Correct answer: C
Question #27
The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
A. generally accepted industry best practices
B. business requirements
C. legislative and regulatory requirements
D. storage availability
Correct answer: B
Question #28
Which of the following is the BEST way to align security and business strategies?
A. Include security risk as part of corporate risk management
B. Develop a balanced scorecard for security
C. Establish key performance indicators (KPIs) for business through security processes
D. Integrate information security governance into corporate governance
Correct answer: C
Question #29
A large organization is in the process of developing its information security program that involves working with several complex organizational functions. Which of the following will BEST enable the successful implementation of this program?
A. Security governance
B. Security policy
C. Security metrics
D. Security guidelines
Correct answer: A
Question #30
The PRIMARY goal of information security governance to an organization is to:
A. align with business processes
B. align with business objectives
C. establish a security strategy
D. manage security costs
Correct answer: B
Question #31
Information security projects should be prioritized on the basis of:
A. time required for implementation
B. impact on the organization
C. total cost for implementation
D. mix of resources required
Correct answer: B
Question #32
Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?
A. Develop the information security strategy based on the enterprise strategy
B. Appoint a business manager as head of information security
C. Promote organization-wide information security awareness campaigns
D. Establish a steering committee with representation from across the organization
Correct answer: A
Question #33
A multinational organization operating in fifteen countries is considering implementing an information security program. Which factor will MOST influence the design of the information security program?
A. Representation by regional business leaders
B. Composition of the board
C. Cultures of the different countries
D. IT security skills
Correct answer: C
Question #34
When an organization is implementing an information security governance program, its board of directors should be responsible for:
A. drafting information security policies
B. reviewing training and awareness programs
C. setting the strategic direction of the program
D. auditing for compliance
Correct answer: C
Question #35
An information security manager discovers that the organization’s new information security policy is not being followed across all departments. Which of the following should be of GREATEST concern to the information security manager?
A. Different communication methods may be required for each business unit
B. Business unit management has not emphasized the importance of the new policy
C. The corresponding controls are viewed as prohibitive to business operations
D. The wording of the policy is not tailored to the audience
Correct answer: C
Question #36
An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:
A. corporate data privacy policy
B. data privacy policy where data are collected
C. data privacy policy of the headquarters' country
D. data privacy directive applicable globally
Correct answer: B
Question #37
An organization has detected potential risk emerging from noncompliance with new regulations in its industry. Which of the following is the MOST important reason to report this situation to senior management?
A. The risk profile needs to be updated
B. An external review of the risk needs to be conducted
C. Specific monitoring controls need to be implemented
D. A benchmark analysis needs to be performed
Correct answer: B