Question #1
The return on investment of information security can BEST be evaluated through which of the following?
A. Support of business objectives
B. Security metrics
C. Security deliverables
D. Process improvement models
Correct answer: C
Question #2
Which of the following devices should be placed within a DMZ?
A. Proxy server
B. Application server
C. Departmental server
D. Data warehouse server
Correct answer: A
Question #3
A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:
A. it simulates the real-life situation of an external security attack
B. human intervention is not required for this type of test
C. less time is spent on reconnaissance and information gathering
D. critical infrastructure information is not revealed to the tester
Correct answer: D
Question #4
The configuration management plan should PRIMARILY be based upon input from:
A. business process owners
B. the information security manager
C. the security steering committee
D. IT senior management
Correct answer: C
Question #5
What is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted?
A. Perform periodic penetration testing
B. Establish minimum security baselines
C. Implement vendor default settings
D. Install a honeypot on the network
Correct answer: A
Question #6
An information security program should focus on:
A. best practices also in place at peer companies
B. solutions codified in international standards
C. key controls identified in risk assessments
D. continued process improvement
Correct answer: C
Question #7
In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
A. Implementing on-screen masking of passwords
B. Conducting periodic security awareness programs
C. Increasing the frequency of password changes
D. Requiring that passwords be kept strictly confidential
Correct answer: B
Question #8
Which of the following should be determined FIRST when establishing a business continuity program?
A. Cost to rebuild information processing facilities
B. Incremental daily cost of the unavailability of systems
C. Location and cost of offsite recovery facilities
D. Composition and mission of individual recovery teams
Correct answer: B
Question #9
A major trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the BEST recommendation?
A. Sign a legal agreement assigning them all liability for any breach
B. Remove all trading partner access until the situation improves
C. Set up firewall rules restricting network traffic from that location
D. Send periodic reminders advising them of their noncompliance
Correct answer: D
Question #10
The MOST important reason for formally documenting security procedures is to ensure:
A. processes are repeatable and sustainable
C. auditability by regulatory agencies
D. objective criteria for the application of metrics
Correct answer: A
Question #11
What is the MOST effective access control method to prevent users from sharing files with unauthorized users?
A. Mandatory
B. Discretionary
C. Walled garden
D. Role-based
Correct answer: B
Question #12
When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?
A. Number of controls
B. Cost of achieving control objectives
C. Effectiveness of controls
D. Test results of controls
Correct answer: D
Question #13
The implementation of continuous monitoring controls is the BEST option where:
A. incidents may have a high impact and frequency
B. legislation requires strong information security controls
C. incidents may have a high impact but low frequency
D. electronic commerce is a primary business driver
Correct answer: D
Question #14
Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?
A. Configuration of firewalls
B. Strength of encryption algorithms
C. Authentication within application
D.
Correct answer: D
Question #15
What is the GREATEST risk when there is an excessive number of firewall rules?
A. One rule may override another rule in the chain and create a loophole
B. Performance degradation of the whole network
C. The firewall may not support the increasing number of rules due to limitations
D. The firewall may show abnormal behavior and may crash or automatically shut down
Correct answer: A
Question #16
Which of the following areas is MOST susceptible to the introduction of security weaknesses?
A. Database management
B. Tape backup management
C.
D. Incident response management
Correct answer: C
Question #17
An information security manager wishing to establish security baselines would:
A. include appropriate measurements in the system development life cycle
B. implement the security baselines to establish information security best practices
C. implement the security baselines to fulfill laws and applicable regulations in different jurisdictions
D. leverage information security as a competitive advantage
Correct answer: A
Question #18
Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
A. System analyst
B. Quality control manager
C. Process owner
D. Information security manager
Correct answer: A
Question #19
What is an appropriate frequency for updating operating system (OS) patches on production servers?
A. During scheduled rollouts of new applications
B. According to a fixed security patch management schedule
C. Concurrently with quarterly hardware maintenance
D. Whenever important security patches are released
Correct answer: A
Question #20
What is the MOST important reason for conducting security awareness programs throughout an organization?
A. Reducing the human risk
B. Maintaining evidence of training records to ensure compliance
C. Informing business units about the security strategy
D. Training personnel in security incident response
Correct answer: C
Question #21
A digital signature using a public key infrastructure (PKI) will:
A. not ensure the integrity of a message
B. rely on the extent to which the certificate authority (CA) is trusted
C. require two parties to the message exchange
D. provide a high level of confidentiality
Correct answer: B
Question #22
Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:
A. mandatory access controls
B. discretionary access controls
C. lattice-based access controls
D. role-based access controls
Correct answer: D
Question #23
Which of the following are the MOST important individuals to include as members of an information security steering committee?
A. Direct reports to the chief information officer
B. IT management and key business process owners
C. Cross-section of end users and IT professionals
D. Internal audit and corporate legal departments
Correct answer: C
Question #24
What is the BEST way to ensure that contract programmers comply with organizational security policies?
A. Explicitly refer to contractors in the security standards
B. Have the contractors acknowledge in writing the security policies
C. Create penalties for noncompliance in the contracting agreement
D. Perform periodic security reviews of the contractors
Correct answer: D
Question #25
What is the MOST appropriate change management procedure for the handling of emergency program changes?
A. Formal documentation does not need to be completed before the change
B. Business management approval must be obtained prior to the change
C. Documentation is completed with approval soon after the change
D. All changes must follow the same process
Correct answer: B
Question #26
Which of the following is the MOST important area of focus when examining potential security compromise of a new wireless network?
A. Signal strength
B. Number of administrators
C. Bandwidth
D. Encryption strength
Correct answer: A
Question #27
As an organization grows, exceptions to information security policies that were not originally specified may become necessary at a later date. In order to ensure effective management of business risks, exceptions to such policies should be:
A. considered at the discretion of the information owner
B. approved by the next higher person in the organizational structure
C. formally managed within the information security framework
D. reviewed and approved by the security manager
Correct answer: B
Question #28
Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?
A. Utilize an intrusion detection system
B. Establish minimum security baselines
C. Implement vendor recommended settings
D. Perform periodic penetration testing
Correct answer: C
Question #29
To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOST important item to include?
A. Service level agreements (SLAs)
B. Right to audit clause
C. Intrusion detection system (IDS) services
D. Spam filtering services
Correct answer: C
Question #30
Which of the following presents the GREATEST exposure to internal attack on a network?
A. User passwords are not automatically expired
B. All network traffic goes through a single switch
C. User passwords are encoded but not encrypted
D. All users reside on a single internal subnet
Correct answer: D
Question #31
In business-critical applications, user access should be approved by the:
A. information security manager
B. data owner
C. data custodian
D. business management
Correct answer: D
Question #32
Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?
A. Security audit reports
B. Balanced scorecard
C. Capability maturity model (CMM)
D. Systems and business security architecture
Correct answer: C
Question #33
Security awareness training should be provided to new employees:
A. on an as-needed basis
B. during system user training
C. before they have access to data
D. along with department staff
Correct answer: C
Question #34
Which of the following documents would be the BEST reference to determine whether access control mechanisms are appropriate for a critical application?
A. User security procedures
B. Business process flow
C. IT security policy
D. Regulatory requirements
Correct answer: D
Question #35
The "separation of duties" principle is violated if which of the following individuals has update rights to the database access control list (ACL)?
A. Data owner
B. Data custodian
C. Systems programmer
D. Security administrator
Correct answer: C
Question #36
Prior to having a third party perform an attack and penetration test against an organization, the MOST important action is to ensure that:
A. the third party provides a demonstration on a test system
B. goals and objectives are clearly defined
C. the technical staff has been briefed on what to expect
D. special backups of production servers are taken
Correct answer: A
Question #37
Which of the following would be the MOST appropriate physical security solution for the main entrance to a data center?
A. Mantrap
B.
C. Closed-circuit television (CCTV)
D. Security guard
Correct answer: C
Question #38
Which of the following would be the MOST significant security risk in a pharmaceutical institution?
A. Compromised customer information
B. Unavailability of online transactions
C. Theft of security tokens
D. Theft of a Research and Development laptop
Correct answer: B
Question #39
To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to:
A. create a separate account for the programmer as a power user
C. have the programmer sign a letter accepting full responsibility
D. perform regular audits of the application
Correct answer: B
Question #40
Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?
A. User ad hoc reporting is not logged
B.
C. Operating system (OS) security patches have not been applied
D. Database security defaults to ERP settings
Correct answer: B
Question #41
What is the MOST important item to be included in an information security policy?
A. The definition of roles and responsibilities
B. The scope of the security program
C. The key objectives of the security program
D. Reference to procedures and standards of the security program
Correct answer: A
Question #42
Which item would be the BEST to include in the information security awareness training program for new general staff employees?
A. Review of various security models
B. Discussion of how to construct strong passwords
C. Review of roles that have privileged access
D. Discussion of vulnerability assessment results
Correct answer: C
Question #43
Which of the following is the MOST important risk associated with middleware in a client-server environment?
A. Server patching may be prevented
B. System backups may be incomplete
C. System integrity may be affected
D. End-user sessions may be hijacked
Correct answer: B
Question #44
Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?
A. Restrict the available drive allocation on all PCs
B. Disable universal serial bus (USB) ports on all desktop devices
C.
D. Establish strict access controls to sensitive information
Correct answer: B
Question #45
The BEST way to ensure that an external service provider complies with organizational security policies is to:
A. Explicitly include the service provider in the security policies
B. Receive acknowledgment in writing stating the provider has read all policies
C. Cross-reference to policies in the service level agreement
D. Perform periodic reviews of the service provider
Correct answer: C
Question #46
A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?
A. Exclusive use of the hot site is limited to six weeks
B. The hot site may have to be shared with other customers
C. The time of declaration determines site access priority
D. The provider services all major companies in the area
Correct answer: B
Question #47
Good information security procedures should:
A. define the allowable limits of behavior
B. underline the importance of security governance
D. be updated frequently as new software is released
Correct answer: A
Question #48
A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?
A. User
B. Network
C. Operations
D. Database
Correct answer: A
Question #49
An organization has adopted a practice of regular staff rotation to minimize the risk of fraud and encourage cross-training. Which type of authorization policy would BEST address this practice?
A. Multilevel
B. Role-based
C. Discretionary
D.
Correct answer: B
Question #50
Which of the following is the MAIN objective in contracting with an external company to perform penetration testing?
A. To mitigate technical risks
B. To have an independent certification of network security
C. To receive an independent view of security exposures
D. To identify a complete list of vulnerabilities
Correct answer: A
Question #51
What is the BEST way to alleviate security team understaffing while retaining the capability in-house?
A. Hire a contractor that would not be included in the permanent headcount
B. Outsource with a security services provider while retaining the control internally
C. Establish a virtual security team from competent employees across the company
D. Provide cross training to minimize the existing resources gap
Correct answer: D
Question #52
Which of the following is the MOST important reason why information security objectives should be defined?
A. Tool for measuring effectiveness
B. General understanding of goals
C. Consistency with applicable standards
D. Management sign-off and support initiatives
Correct answer: D
Question #53
The FIRST priority when responding to a major security incident is:
A. documentation
B. monitoring
C. restoration
Correct answer: A