
Question #1
Which of the following would present the GREATEST risk to information security?
A. Virus signature file updates are applied to all servers every day
B. Security access logs are reviewed within five business days
C. Critical patches are applied within 24 hours of their release
D. Security incidents are investigated within five business days
Show answer
Correct answer: A
Question #2
Security audit reviews should PRIMARILY:
A. ensure that controls operate as required
B. ensure that controls are cost-effective
C. focus on preventive controls
D. ensure controls are technologically current
Show answer
Correct answer: B
Question #3
When configuring a biometric access control system that protects a high-security data center, the system's sensitivity level should be set:
A. to a higher false reject rate (FRR)
B. to a lower crossover error rate
C. to a higher false acceptance rate (FAR)
Show answer
Correct answer: B
Question #4
The MOST important success factor in designing an effective IT security awareness program is to:
A. customize the content to the target audience
B. ensure senior management is represented
C. ensure that all staff are trained
D. avoid technical content but give concrete examples
Show answer
Correct answer: A
Question #5
Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers?
A. Batch patches into frequent server updates
B. Initially load the patches on a test machine
C.
D. Automatically push all patches to the servers
Show answer
Correct answer: B
Question #6
Priority should be given to which of the following to ensure effective implementation of information security governance?
A. Consultation
B. Negotiation
C. Facilitation
D. Planning
Show answer
Correct answer: B
Question #7
The FIRST priority when responding to a major security incident is:
A. documentation
B. monitoring
C. restoration
D. containment
Show answer
Correct answer: C
Question #8
The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because the application does not modify the business processes. The information security manager should:
A. verify the decision with the business units
B. check the system's risk analysis
C. recommend an update after the post-implementation review
D. request an audit review
Show answer
Correct answer: D
Question #9
An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage cross-training. Which type of authorization policy would BEST address this practice?
A. Multilevel
B.
C. Discretionary
D. Attribute-based
Show answer
Correct answer: A
Question #10
Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:
A. define the circumstances where cryptography should be used
B. define cryptographic algorithms and key lengths
C. describe handling procedures for cryptographic keys
D. establish the use of cryptographic solutions
Show answer
Correct answer: B
Question #11
The PRIMARY focus of the change control process is to ensure that changes are:
A. authorized
B. applied
C. documented
D. tested
Show answer
Correct answer: A
Question #12
Which of the following terms and conditions represents a significant deficiency if included in a commercial hot site contract?
A. A hot site facility will be shared in multiple disaster declarations
B. All equipment is provided "at time of disaster, not on floor"
C. The facility is subject to a "first-come, first-served" policy
D. Equipment may be substituted with an equivalent model
Show answer
Correct answer: A
Question #13
Which is the BEST way to measure and prioritize aggregate risk deriving from a chain of linked system vulnerabilities?
A. Vulnerability scans
B. Penetration tests
C. Code reviews
D. Security audits
Show answer
Correct answer: A
Question #14
To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:
A. revise the information security program
B. evaluate a balanced business scorecard
C. conduct regular user awareness sessions
D. perform penetration tests
Show answer
Correct answer: D
Question #15
Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?
A. System analyst
B. System user
C. Operations manager
D. Data security officer
Show answer
Correct answer: C
Question #16
Which of the following is the MOST important to ensure a successful recovery?
A. Backup media is stored offsite
B. Recovery location is secure and accessible
C. More than one hot site is available
D. Alternate network links are regularly tested
Show answer
Correct answer: A
Question #17
The BEST way to ensure that security settings on each platform are in compliance with information security policies and procedures is to:
A. perform penetration testing
B. establish security baselines
C. implement vendor default settings
D. link policies to an independent standard
Show answer
Correct answer: C
Question #18
The PRIMARY objective of an Internet usage policy is to prevent:
A. access to inappropriate sites
B. downloading malicious code
C. violation of copyright laws
D. disruption of Internet access
Show answer
Correct answer: B
Question #19
The PRIMARY purpose of performing an internal attack and penetration test as part of an incident response program is to identify:
A. weaknesses in network and server security
B. ways to improve the incident response process
C. potential attack vectors on the network perimeter
D. the optimum response to internal hacker attacks
Show answer
Correct answer: B
Question #20
When designing the technical solution for a disaster recovery site, the PRIMARY factor that should be taken into consideration is the:
A. service delivery objective
B. recovery time objective (RTO)
C. recovery window
D. maximum tolerable outage (MTO)
Show answer
Correct answer: B
Question #21
An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?
A. Research best practices
B. Meet with stakeholders
C. Establish change control procedures
D. Identify critical systems
Show answer
Correct answer: D
Question #22
When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?
A. Reboot the router connecting the DMZ to the firewall
B. Power down all servers located on the DMZ segment
C. Monitor the probe and isolate the affected segment
D. Enable server trace logging on the affected segment
Show answer
Correct answer: D
Question #23
In an organization, information systems security is the responsibility of:
A. all personnel
B. information systems personnel
C. information systems security personnel
D. functional personnel
Show answer
Correct answer: C
Question #24
Which of the following is MOST important to the successful promotion of good security management practices?
A. Security metrics
B. Security baselines
C. Management support
D. Periodic training
Show answer
Correct answer: C
Question #25
In business-critical applications, user access should be approved by the:
A. information security manager
B. data owner
D. business management
Show answer
Correct answer: B
Question #26
Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?
A. Configuration of firewalls
B. Strength of encryption algorithms
C.
D. Safeguards over keys
Show answer
Correct answer: B
Question #27
Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:
A. policy
B. strategy
C. guideline
D. baseline
Show answer
Correct answer: D
Question #28
Which of the following will BEST protect against malicious activity by a former employee?
A. Pre-employment screening
B. Close monitoring of users
C. Periodic awareness training
D. Effective termination procedures
Show answer
Correct answer: C
Question #29
An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RFP) is the:
A. references from other organizations
B. past experience of the engagement team
C. sample deliverable
D. methodology used in the assessment
Show answer
Correct answer: A
Question #30
Which of the following is MOST important in determining whether a disaster recovery test is successful?
A. Only business data files from offsite storage are used
B. IT staff fully recovers the processing infrastructure
C. Critical business processes are duplicated
D. All systems are restored within recovery time objectives (RTOs)
Show answer
Correct answer: D
Question #31
What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They:
A. all use weak encryption
B. are decrypted by the firewall
C. may be quarantined by mail filters
D. may be corrupted by the receiving mail server
Show answer
Correct answer: C
Question #32
A critical device is delivered with a single user ID and password that must be shared for multiple users to access the device. An information security manager has been tasked with ensuring that all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?
A. Enable access through a separate device that requires adequate authentication
B. Implement manual procedures that require a password change after each use
C. Request the vendor to add multiple user IDs
D. Analyze the logs to detect unauthorized access
Show answer
Correct answer: C
Question #33
Which of the following will BEST ensure that management takes ownership of the decision-making process for information security?
A. Security policies and procedures
B. Annual self-assessment by management
C. Security steering committees
D. Security awareness campaigns
Show answer
Correct answer: C
Question #34
The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:
A. weaknesses in network security
B. patterns of suspicious access
C. how an attack was launched on the network
D. potential attacks on the internal network
Show answer
Correct answer: A
Question #35
Which would be the BEST recommendation to protect against phishing attacks?
A. Install an antispam system
B. Publish security guidance for customers
C. Provide security awareness training to the organization's staff
D. Install an application-level firewall
Show answer
Correct answer: D
Question #36
Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?
A. User ad hoc reporting is not logged
B. Network traffic is through a single switch
C. Operating system (OS) security patches have not been applied
D. Database security defaults to ERP settings
Show answer
Correct answer: D
Question #37
Which of the following is the MAIN objective in contracting with an external company to perform penetration testing?
A. To mitigate technical risks
B. To have an independent certification of network security
C. To receive an independent view of security exposures
D.
Show answer
Correct answer: B
Question #38
Which of the following are the MOST important criteria when selecting virus protection software?
A. Product market share and annualized cost
B.
C. Alert notifications and impact assessments for new viruses
D. Ease of maintenance and frequency of updates
Show answer
Correct answer: C
Question #39
Which of the following would raise security awareness among an organization's employees?
A. Distributing industry statistics about security incidents
B. Monitoring the magnitude of incidents
C. Encouraging employees to behave in a more conscious manner
D.
Show answer
Correct answer: A
Question #40
A third party was engaged to develop a business application. Which of the following would an information security manager BEST use to test for the existence of back doors?
A. System monitoring for traffic on network ports
B. Security code reviews for the entire application
C. Reverse engineering the application binaries
D. Running the application from a high-privileged account on a test system
Show answer
Correct answer: A
Question #41
Which of the following is the BEST approach for improving information security management processes?
A. Conduct periodic security audits
C. Define and monitor security metrics
D. Survey business units for feedback
Show answer
Correct answer: C
Question #42
In business-critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:
A. ensure access to individual functions can be granted to individual users only
B. implement role-based access control in the application
C. enforce manual procedures ensuring separation of conflicting duties
D. create service accounts that can only be used by authorized team members
Show answer
Correct answer: C
السؤال #43
Real 231 Isaca CISM Exam What is the GREATEST advantage of documented guidelines and operating procedures from a security perspective?
A. Provide detailed instructions on how to carry out different types of tasks
B. Ensure consistency of activities to provide a more stable environment
C. Ensure compliance to security standards and regulatory requirements
D. Ensure reusability to meet compliance to quality requirements
عرض الإجابة
اجابة صحيحة: D
Question #44
Which of the following measures is the MOST effective deterrent against disgruntled staff abusing their privileges?
A. Layered defense strategy
B. System audit log monitoring
C. Signed acceptable use policy
D.
Show answer
Correct answer: A
Question #45
Who is responsible for raising awareness of the need for adequate funding for risk action plans?
A. Chief information officer (CIO)
B. Chief financial officer (CFO)
C. Information security manager
D. Business unit management
Show answer
Correct answer: B
Question #46
An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
A. Review the procedures for granting access
B. Establish procedures for granting emergency access
C. Meet with data owners to understand business needs
D. Redefine and implement proper access rights
Show answer
Correct answer: A
