Question #1
Identification and prioritization of business risk enables project managers to:
A. establish implementation milestones
B. reduce the overall amount of slack time
C. address areas with most significance
D. accelerate completion of critical paths
Correct answer: A
Question #2
A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?
A. Prepare an impact assessment report
B. Conduct a penetration test
C. Obtain approval from senior management
D. Back up the firewall configuration and policy files
Correct answer: D
Question #3
The FIRST step in an incident response plan is to:
A. notify the appropriate individuals
B. contain the effects of the incident to limit damage
C. develop response strategies for systematic attacks
D. validate the incident
Correct answer: B
Question #4
What is the MOST cost-effective means of improving security awareness of staff personnel?
A. Employee monetary incentives
B. User education and training
C. A zero-tolerance security policy
D. Reporting of security infractions
Correct answer: B
Question #5
Which of the following would BEST protect an organization's confidential data stored on a laptop computer from unauthorized access?
A. Strong authentication by password
B. Encrypted hard drives
C. Multifactor authentication procedures
D. Network-based data backup
Correct answer: A
Question #6
What is the BEST way to ensure data protection upon termination of employment?
A. Retrieve identification badge and card keys
B. Retrieve all personal computer equipment
C. Erase all of the employee's folders
D. Ensure all logical access is removed
Correct answer: D
Question #7
Good information security standards should:
A. define precise and unambiguous allowable limits
B. describe the process for communicating violations
C. address high-level objectives of the organization
D. be updated frequently as new software is released
Correct answer: B
Question #8
The MAIN reason why asset classification is important to a successful information security program is because classification determines:
A. the priority and extent of risk mitigation efforts
B. the amount of insurance needed in case of loss
C. the appropriate level of protection to the asset
D. how protection levels compare to peer organizations
Correct answer: A
Question #9
A root kit was used to capture detailed accounts receivable information. To ensure admissibility of evidence from a legal standpoint, once the incident was identified and the server isolated, the next step should be to:
A. document how the attack occurred
B. notify law enforcement
C. take an image copy of the media
D. close the accounts receivable system
Correct answer: C
Question #10
The management staff of an organization that does not have a dedicated security function decide to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager:
A. report risks in other departments
B. obtain support from other departments
C. report significant security risks
D. have knowledge of security standards
Correct answer: A
Question #11
When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?
A. Develop a security architecture
B. Establish good communication with steering committee members
C. Assemble an experienced staff
D. Benchmark peer organizations
Correct answer: B
Question #12
When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?
A. Ensuring accessibility should a disaster occur
B. Versioning control as plans are modified
C. Broken hyperlinks to resources stored elsewhere
D. Tracking changes in personnel and plan assets
Correct answer: B
Question #13
Which of the following is the MOST important process that an information security manager needs to negotiate with an outsource service provider?
A. The right to conduct independent security reviews
B. A legally binding data protection agreement
C. Encryption between the organization and the provider
D. A joint risk assessment of the system
Correct answer: D
Question #14
The MAIN goal of an information security strategic plan is to:
A. develop a risk assessment plan
B. develop a data protection plan
C. protect information assets and resources
D. establish security governance
Correct answer: D
Question #15
Which would be the BEST recommendation to protect against phishing attacks?
A. Install an anti spam system
B. Publish security guidance for customers
C. Provide security awareness to the organization's staff
D. Install an application-level firewall
Correct answer: A
Question #16
When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?
A. Compliance with international security standards
B. Use of a two-factor authentication system
C. Existence of an alternate hot site in case of business disruption
D. Compliance with the organization's information security requirements
Correct answer: B
Question #17
When a major vulnerability in the security of a critical web server is discovered, immediate notification should be made to the:
A. system owner to take corrective action
B. incident response team to investigate
C. data owners to mitigate damage
D. development team to remediate
Correct answer: A
Question #18
Security technologies should be selected PRIMARILY on the basis of their:
A. ability to mitigate business risks
B. evaluations in trade publications
C. use of new and emerging technologies
D. benefits in comparison to their costs
Correct answer: A
Question #19
Which of the following is the MOST important factor when designing information security architecture?
A. Technical platform interfaces
B. Scalability of the network
C. Development methodologies
D. Stakeholder requirements
Correct answer: D
Question #20
Which of the following is the MOST likely outcome of a well-designed information security awareness course?
A. Increased reporting of security incidents to the incident response function
B. Decreased reporting of security incidents to the incident response function
C. Decrease in the number of password resets
D. Increase in the number of identified system vulnerabilities
Correct answer: A
Question #21
Retention of business records should PRIMARILY be based on:
A. business strategy and direction
B. regulatory and legal requirements
C. storage capacity and longevity
D. business ease and value analysis
Correct answer: B
Question #22
The BEST way to justify the implementation of a single sign-on (SSO) product is to use:
A. return on investment (ROI)
B. a vulnerability assessment
C. annual loss expectancy (ALE)
D. a business case
Correct answer: C
Question #23
The cost of implementing a security control should not exceed the:
A. annualized loss expectancy
B. cost of an incident
C. asset value
D. implementation opportunity costs
Correct answer: C
Question #24
Which of the following would be MOST helpful to achieve alignment between information security and organization objectives?
A. Key control monitoring
B. A robust security awareness program
C. A security program that enables business activities
Correct answer: A
Question #25
How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?
A. Give organization standards preference over local regulations
B. Follow local regulations only
C. Make the organization aware of those standards where local regulations cause conflicts
D. Negotiate a local version of the organization standards
Correct answer: A
Question #26
The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is:
A. Messages displayed at every logon
B. Periodic security-related e-mail messages
C. An Intranet web site for information security
D. Circulating the information security policy
Correct answer: B
Question #27
What is the MOST appropriate change management procedure for the handling of emergency program changes?
A. Formal documentation does not need to be completed before the change
B. Business management approval must be obtained prior to change
C. Documentation is completed with approval soon after the change
D. All changes must follow the same process
Correct answer: B
Question #28
Which of the following will BEST protect an organization from internal security attacks?
A. Static IP addressing
B. Internal address translation
C. Prospective employee background checks
D. Employee awareness certification program
Correct answer: B
Question #29
Which of the following would raise security awareness among an organization's employees?
A. Distributing industry statistics about security incidents
B. Monitoring the magnitude of incidents
C. Encouraging employees to behave in a more conscious manner
D. Continually reinforcing the security policy
Correct answer: A
Question #30
During the security review of organizational servers it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:
A. copy sample files as evidence
B. remove access privileges to the folder containing the data
C. report this situation to the data owner
D. train the HR team on properly controlling file permissions
Correct answer: A
Question #31
When developing metrics to measure and monitor information security programs, the information security manager should ensure that the metrics reflect the:
A. residual risks
B. levels of security
C. security objectives
D. statistics of security incidents
Correct answer: D
Question #32
Which of the following is MOST appropriate for inclusion in an information security strategy?
A. Business controls designated as key controls
B. Security processes, methods, tools and techniques
C. Firewall rule sets, network defaults and intrusion detection system (IDS) settings
D. Budget estimates to acquire specific security tools
Correct answer: B
Question #33
Change management procedures to ensure that disaster recovery/business continuity plans are kept up-to-date can be BEST achieved through which of the following?
A. Reconciliation of the annual systems inventory to the disaster recovery/business continuity plans
B. Periodic audits of the disaster recovery/business continuity plans
C. Comprehensive walk-through testing
D. Inclusion as a required step in the system life cycle process
Correct answer: B
Question #34
Which of the following factors is a primary driver for information security governance that does not require any further justification?
A. Alignment with industry best practices
B. Business continuity investment
C. Business benefits
D. Regulatory compliance
Correct answer: D
Question #35
Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?
A. Continuous analysis, monitoring and feedback
B. Continuous monitoring of the return on security investment (ROSI)
C. Continuous risk reduction
D. Key risk indicator (KRI) setup to security management processes
Correct answer: A
Question #36
An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of:
A. eliminating the risk
B. transferring the risk
C. mitigating the risk
D. accepting the risk
Correct answer: B
Question #37
The MAIN goal of an information security strategic plan is to:
A. develop a risk assessment plan
B. develop a data protection plan
C. protect information assets and resources
D. establish security governance
Correct answer: D
Question #38
Three employees reported the theft or loss of their laptops while on business trips. The FIRST course of action for the security manager is to:
A. assess the impact of the loss and determine mitigating steps
B. communicate the best practices in protecting laptops to all laptop users
C. instruct the erring employees to pay a penalty for the lost laptops
D. recommend that management report the incident to the police and file for insurance
Correct answer: A
Question #39
Which item would be the BEST to include in the information security awareness training program for new general staff employees?
A. Review of various security models
B. Discussion of how to construct strong passwords
C. Review of roles that have privileged access
D. Discussion of vulnerability assessment results
Correct answer: B
Question #40
In a forensic investigation, which of the following would be the MOST important factor?
A. Operation of a robust incident management process
B. Identification of areas of responsibility
C. Involvement of law enforcement
D. Expertise of resources
Correct answer: C
