Question #1
The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:
A. weaknesses in network security
B. patterns of suspicious access
C. how an attack was launched on the network
D. potential attacks on the internal network
Correct answer: B
Question #2
A large number of exceptions to an organization's information security standards have been granted after senior management approved a bring your own device (BYOD) program. To address this situation, it is MOST important for the information security manager to:
A. introduce strong authentication on devices
B. reject new exception requests
C. update the information security policy
D. require authorization to wipe lost devices
Correct answer: D
Question #3
Which of the following risks is represented in the risk appetite of an organization?
A. Control
B. Inherent
C. Residual
D. Audit
Correct answer: A
Question #4
Which of the following messages would be MOST effective in obtaining senior management’s commitment to information security management?
A. Effective security eliminates risk to the business
B. Adopt a recognized framework with metrics
C. Security is a business product and not a process
D. Security supports and protects the business
Correct answer: D
Question #5
Logging is an example of which type of defense against systems compromise?
A. Containment
B. Detection
C. Reaction
D. Recovery
Correct answer: B
Question #6
Which of the following change management procedures is MOST likely to cause concern to the information security manager?
A. Fallback processes are tested the weekend before changes are made
B. The development manager migrates programs into production
C. A manual rather than an automated process is used to compare program versions
D. Users are not notified of scheduled system changes
Correct answer: C
Question #7
A global organization processes and stores large volumes of personal data. Which of the following would be the MOST important attribute in creating a data access policy?
A. Availability
B. Integrity
C. Reliability
D. Confidentiality
Correct answer: C
Question #8
An organization has learned of a security breach at another company that utilizes similar technology. The FIRST thing the information security manager should do is:
A. assess the likelihood of incidents from the reported cause
B. discontinue the use of the vulnerable technology
C. report to senior management that the organization is not affected
D. remind staff that no similar security breaches have taken place
Correct answer: C
Question #9
Which of the following is the PRIMARY responsibility of the information security manager when an organization implements the use of personally-owned devices on the corporate network?
A. Requiring remote wipe capabilities
B. Enforcing defined policy and procedures
C. Conducting security awareness training
D. Encrypting the data on mobile devices
Correct answer: B
Question #10
Which of the following is the PRIMARY responsibility of the designated spokesperson during incident response testing?
A. Communicating the severity of the incident to the board
B. Establishing communication channels throughout the organization
C. Evaluating the effectiveness of the communication processes
D. Acknowledging communications from the incident response team
Correct answer: B
Question #11
Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?
A. Small number of change requests
B. Large percentage decrease in monthly change requests
C. Percentage of changes that include post-approval supplemental add-ons
D. High ratio of lines of code changed to total lines of code
Correct answer: A
Question #12
Which of the following will BEST protect confidential data when connecting large wireless networks to an existing wired-network infrastructure?
A. Mandatory access control (MAC) address filtering
B. Strong passwords
C. Virtual private network (VPN)
D. Firewall
Correct answer: D
Question #13
In which of the following system development life cycle (SDLC) phases are access control and encryption algorithms chosen?
A. Procedural design
B. Architectural design
C. System design specifications
D. Software development
Correct answer: A
Question #14
An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?
A. Ensure that critical data on the server are backed up
B. Shut down the compromised server
C. Initiate the incident response process
D. Shut down the network
Correct answer: D
Question #15
Which of the following should be the MOST important criteria when defining data retention policies?
A. Capacity requirements
B. Audit findings
C. Regulatory requirements
D. Industry best practices
Correct answer: B
Question #16
Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
A. it implies compliance risks
B. short-term impact cannot be determined
C. it violates industry security practices
D. changes in the roles matrix cannot be detected
Correct answer: B
Question #17
Organization A offers e-commerce services and uses secure transport protocol to protect Internet communication. To confirm communication with Organization A, which of the following would be the BEST for a client to verify?
A. The certificate of the e-commerce server
B. The browser’s indication of SSL use
C. The IP address of the e-commerce server
D. The URL of the e-commerce server
Correct answer: C
Question #18
Which of the following is MOST likely to reduce the effectiveness of a signature-based intrusion detection system (IDS)?
A. The activities being monitored deviate from what is considered normal
B. The information regarding monitored activities becomes stale
C. The pattern of normal behavior changes quickly and dramatically
D. The environment is complex
Correct answer: C
Question #19
When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:
A. reduce the costs of future preventive controls
B. provide metrics for reporting to senior management
C. learn of potential areas of improvement
D. verify compliance with the service level agreement (SLA)
Correct answer: D
Question #20
To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to:
A. create a separate account for the programmer as a power user
B. log all of the programmers' activity for review by supervisor
C. have the programmer sign a letter accepting full responsibility
D. perform regular audits of the application
Correct answer: D
Question #21
Of the following, retention of business records should be PRIMARILY based on:
A. periodic vulnerability assessment
B. regulatory and legal requirements
C. device storage capacity and longevity
D. past litigation
Correct answer: D
Question #22
Recovery point objectives (RPOs) can be used to determine which of the following?
A. Maximum tolerable period of data loss
B. Maximum tolerable downtime
C. Baseline for operational resiliency
D. Time to restore backups
Correct answer: C
Question #23
Who should determine data access requirements for an application hosted at an organization's data center?
A. Business owner
B. Information security manager
C. Systems administrator
D. Data custodian
Correct answer: B
Question #24
The PRIMARY purpose of vulnerability assessments is to:
A. determine the impact of potential threats
B. test intrusion detection systems (IDS) and response procedures
C. provide clear evidence that the system is sufficiently secure
D. detect deficiencies that could lead to a system compromise
Correct answer: A
Question #25
Which of the following is MOST important to verify when reviewing the effectiveness of response to an information security incident?
A. Lessons learned have been implemented
B. Testing has been completed on time
C. Test results have been properly recorded
D. Metrics have been captured in a dashboard
Correct answer: C
Question #26
Executive management is considering outsourcing all IT operations. Which of the following functions should remain internal?
A. Data ownership
B. Data monitoring
C. Data custodian
D. Data encryption
Correct answer: D
Question #27
To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOST important item to include?
A. Service level agreements (SLAs)
B. Right to audit clause
C. Intrusion detection system (IDS) services
D. Spam filtering services
Correct answer: C
Question #28
An information security manager developing an incident response plan MUST ensure it includes:
A. an inventory of critical data
B. criteria for escalation
C. critical infrastructure diagrams
D. a business impact analysis
Correct answer: B
Question #29
The business continuity policy should contain which of the following?
A. Emergency call trees
B. Recovery criteria
C. Business impact assessment (BIA)
D. Critical backups inventory
Correct answer: C
Question #30
Which of the following is MOST important to the successful development of an information security strategy?
A. A well-implemented governance framework
B. Current state and desired objectives
C. An implemented development life cycle process
D. Approved policies and standards
Correct answer: A
Question #31
The GREATEST benefit resulting from well-documented information security procedures is that they:
A. ensure that security policies are consistently applied
B. ensure that critical processes can be followed by temporary staff
C. facilitate security training of new staff
D. provide a basis for auditing security practices
Correct answer: D
Question #32
The MOST important component of a privacy policy is:
A. notifications
B. warranties
C. liabilities
D. geographic coverage
Correct answer: A
Question #33
Which of the following is the MOST important reason to consider the role of the IT service desk when developing incident handling procedures?
A. Service desk personnel have information on how to resolve common systems issues
B. The service desk provides a source for the identification of security incidents
C. The service desk provides information to prioritize systems recovery based on user
D. Untrained service desk personnel may be a cause of security incidents
Correct answer: B
Question #34
Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?
A. Risk acceptance by the business has been documented
B. Incident response and recovery plans are documented in simple language
C. Teams and individuals responsible for recovery have been identified
D. Copies of recovery and incident response plans are kept offsite
Correct answer: A
Question #35
Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of integrity?
A. Enforcing service level agreements
B. Implementing a data classification schema
C. Ensuring encryption for data in transit
D. Utilizing a formal change management process
Correct answer: C
Question #36
The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:
A. enable independent and objective review of the root cause of the incidents
B. obtain support for enhancing the expertise of the third-party teams
C. identify lessons learned for further improving the information security management process
D. obtain better buy-in for the information security program
Correct answer: B
Question #37
An information security steering group should:
A. provide general oversight and guidance
B. develop information security policies
C. establish information security baselines
D. oversee the daily operations of the security program
Correct answer: A
Question #38
An organization is entering into an agreement with a new business partner to conduct customer mailings. What is the MOST important action that the information security manager needs to perform?
A. A due diligence security review of the business partner's security controls
B. Ensuring that the business partner has an effective business continuity program
C. Ensuring that the third party is contractually obligated to all relevant security requirements
D. Talking to other clients of the business partner to check references for performance
Correct answer: A
Question #39
A global financial institution has decided not to take any further action on a denial of service (DoS) risk found by the risk assessment team. The MOST likely reason they made this decision is that:
A. there are sufficient safeguards in place to prevent this risk from happening
B. the needed countermeasure is too complicated to deploy
C. the cost of countermeasure outweighs the value of the asset and potential loss
D. The likelihood of the risk occurring is unknown
Correct answer: C
Question #40
Which of the following would be the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?
A. Perform a penetration test to demonstrate the ability to protect
B. Perform industry research annually and document the overall ranking of the IPS
C. Establish and present appropriate metrics that track performance
D. Provide yearly competitive pricing to illustrate the value of the IPS
Correct answer: B
Question #41
Which of the following is the BEST indication of information security strategy alignment with the business?
A. Number of business objectives directly supported by information security initiatives
B. Percentage of corporate budget allocated to information security initiatives
C. Number of business executives who have attended information security awareness sessions
D. Percentage of information security incidents resolved within defined service level agreements
Correct answer: B
Question #42
A business impact analysis should be periodically executed PRIMARILY to:
A. validate vulnerabilities on environmental changes
B. analyze the importance of assets
C. verify the effectiveness of controls
D. check compliance with regulations
Correct answer: C
Question #43
During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?
A. Updating configuration baselines to allow exceptions
B. Conducting periodic vulnerability scanning
C. Providing annual information security awareness training
D. Implementing a strict change control process
Correct answer: D
Question #44
What is the MAIN reason for an organization to develop an incident response plan?
A. Trigger immediate recovery procedures
B. Identify training requirements for the incident response team
C. Prioritize treatment based on incident criticality
D. Provide a process for notifying stakeholders of the incident
Correct answer: D
Question #45
An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:
A. prohibit remote access to the site
B. periodically recertify access rights
C. enforce document lifecycle management
D. conduct a vulnerability assessment
Correct answer: D
Question #46
Which of the following should be the MOST important consideration of business continuity management?
A. Ensuring human safety
B. Identifying critical business processes
C. Ensuring the reliability of backup data
D. Securing critical information assets
Correct answer: A
Question #47
What is the MOST cost-effective method of identifying new vendor vulnerabilities?
A. External vulnerability reporting sources
B. Periodic vulnerability assessments performed by consultants
C. Intrusion prevention software
D. Honeypots located in the DMZ
Correct answer: C
Question #48
Change management procedures to ensure that disaster recovery/business continuity plans are kept up-to-date can be BEST achieved through which of the following?
A. Reconciliation of the annual systems inventory to the disaster recovery, business continuity plans
B. Periodic audits of the disaster recovery/business continuity plans
C. Comprehensive walk-through testing
D. Inclusion as a required step in the system life cycle process
Correct answer: A
Question #49
A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?
A. Authority of the subscriber to approve access to its data
B. Right of the subscriber to conduct onsite audits of the vendor
C. Escrow of software code with conditions for code release
D. Comingling of subscribers’ data on the same physical server
Correct answer: B
Question #50
Which of the following is MOST important for an information security manager to communicate to senior management regarding the security program?
A. Potential risks and exposures
B. Impact analysis results
C. Security architecture changes
D. User roles and responsibilities
Correct answer: A
Question #51
The GREATEST benefit of choosing a private cloud over a public cloud would be:
A. server protection
B. collection of data forensics
C. online service availability
D. containment of customer data
Correct answer: C
Question #52
Senior management commitment and support for information security can BEST be obtained through presentations that:
A. use illustrative examples of successful attacks
B. explain the technical risks to the organization
C. evaluate the organization against best security practices
D. tie security risks to key business objectives
Correct answer: D
Question #53
A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager?
A. Ensure that all OS patches are up-to-date
B. Block inbound traffic until a suitable solution is found
C. Obtain guidance from the firewall manufacturer
D. Commission a penetration test
Correct answer: B
Question #54
Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?
A. Balanced scorecard
B. Cost-benefit analysis
C. Industry benchmarks
D. SWOT analysis
Correct answer: D
Question #55
A multinational organization wants to monitor outbound traffic for data leakage from the use of unapproved cloud services. Which of the following should be the information security manager’s GREATEST consideration when implementing this control?
A. Security of cloud services
B. Data privacy regulations
C. Resistance from business users
D. Allocation of monitoring resources
Correct answer: C
Question #56
Which of the following would be a MAJOR consideration for an organization defining its business continuity plan (BCP) or disaster recovery program (DRP)?
A. Setting up a backup site
B. Maintaining redundant systems
C. Aligning with recovery time objectives (RTOs)
D. Data backup frequency
Correct answer: B
Question #57
For an organization with a large and complex IT infrastructure, which of the following elements of a disaster recovery hot site service will require the closest monitoring?
A. Employee access
B. Audit rights
C. Systems configurations
D. Number of subscribers
Correct answer: D
Question #58
In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?
A. Access to the hardware
B. Data encryption
C. Non-standard event logs
D. Compressed customer data
Correct answer: D
Question #59
An information security manager determines the organization's critical systems may be vulnerable to a new zero-day attack. The FIRST course of action is to:
A. advise management of risk and remediation cost
B. analyze the probability of compromise
C. survey peer organizations to see how they have addressed the issue
D. re-assess the firewall configuration
Correct answer: A
Question #60
A business unit uses an e-commerce application with a strong password policy. Many customers complain that they cannot remember their passwords because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST:
A. change the password policy to improve the customer experience
B. research alternative secure methods of identity verification
C. evaluate the impact of the customer’s experience on business revenue
D. recommend implementing two-factor authentication
Correct answer: C
Question #61
The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:
A. regulatory requirements
B. business requirements
C. financial value
D. IT resource availability
Correct answer: A
Question #62
Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?
A. To present a realistic information security budget
B. To ensure that benefits are aligned with business strategies
C. To ensure that the mitigation effort does not exceed the asset value
D. To justify information security program activities
Correct answer: A
Question #63
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do FIRST?
A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the server
Correct answer: C
Question #64
The PRIMARY advantage of single sign-on (SSO) is that it will:
A. support multiple authentication mechanisms
B. increase the security related applications
C. strengthen user passwords
D. increase efficiency of access management
Correct answer: B
Question #65
Which of the following BEST facilitates the effective execution of an incident response plan?
A. The response team is trained on the plan
B. The plan is based on risk assessment results
C. The incident response plan aligns with the IT disaster recovery plan
D. The plan is based on industry best practice
Correct answer: B
Question #66
Meeting which of the following security objectives BEST ensures that information is protected against unauthorized modification?
A. Authenticity
B. Availability
C. Confidentiality
D. Integrity
Correct answer: D
