
Question #1
Which two components PRIMARILY must be assessed in an effective risk analysis?
A. Visibility and duration
B. Likelihood and impact
C. Probability and frequency
D. Financial impact and duration
Correct answer: B
Question #2
A risk assessment should be conducted:
A. once a year for each business process and subprocess
B. every three to six months for critical business processes
C. by external parties to maintain objectivity
D. annually or whenever there is a significant change
Correct answer: B
Question #3
Retention of business records should PRIMARILY be based on:
A. business strategy and direction
B. regulatory and legal requirements
C. storage capacity and longevity
D. business ease and value analysis
Correct answer: D
Question #4
An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:
A. broken authentication
B. unvalidated input
C. cross-site scripting
D. structured query language (SQL) injection
Correct answer: B
Question #5
Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?
A. Update platform-level security settings
B. Conduct disaster recovery test exercises
C. Approve access to critical financial systems
D. Develop an information security strategy paper
Correct answer: C
Question #6
Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?
A. Ensure that all IT risks are identified
B. Evaluate the impact of information security risks
C. Demonstrate that IT mitigating controls are in place
D. Suggest new IT controls to mitigate operational risk
Correct answer: B
Question #7
The MOST useful way to describe the objectives in the information security strategy is through:
A. attributes and characteristics of the 'desired state'
B. overall control objectives of the security program
C. mapping the IT systems to key business processes
D. calculation of annual loss expectations
Correct answer: C
Question #8
The purpose of a corrective control is to:
A. reduce adverse events
B. indicate compromise
C. mitigate impact
D. ensure compliance
Correct answer: C
Question #9
The BEST reason for an organization to have two discrete firewalls connected directly to the Internet and to the same DMZ would be to:
A. provide in-depth defense
B. separate test and production
C. permit traffic load balancing
D. prevent a denial-of-service attack
Correct answer: C
Question #10
It is important to classify and determine relative sensitivity of assets to ensure that:
A. cost of protection is in proportion to sensitivity
B. highly sensitive assets are protected
C. cost of controls is minimized
D. countermeasures are proportional to risk
Correct answer: B
Question #11
Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?
A. Implement countermeasures
B. Eliminate the risk
C. Transfer the risk
D. Accept the risk
Correct answer: B
Question #12
Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?
A. Stress testing
B. Patch management
C. Change management
D. Security baselines
Correct answer: C
Question #13
After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?
A. Information security officer
B. Chief information officer (CIO)
C. Business owner
D. Chief executive officer (CEO)
Correct answer: A
Question #14
When designing an information security quarterly report to management, the MOST important element to be considered should be the:
A. information security metrics
B. knowledge required to analyze each issue
C. linkage to business area objectives
D. baseline against which metrics are evaluated
Correct answer: A
Question #15
In performing a risk assessment on the impact of losing a server, the value of the server should be calculated using the:
A. original cost to acquire
B. cost of the software stored
C. annualized loss expectancy (ALE)
D. cost to obtain a replacement
Correct answer: C
Question #16
Developing a successful business case for the acquisition of information security software products can BEST be assisted by:
A. assessing the frequency of incidents
B. quantifying the cost of control failures
C. calculating return on investment (ROI) projections
D. comparing spending against similar organizations
Correct answer: D
Question #17
Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?
A. Biometric authentication
B. Embedded steganographic
C. Two-factor authentication
D. Embedded digital signature
Correct answer: D
Question #18
The PRIMARY goal of a corporate risk management program is to ensure that an organization's:
A. IT assets in key business functions are protected
B. business risks are addressed by preventive controls
C. stated objectives are achievable
D. IT facilities and systems are always available
Correct answer: D
Question #19
Relationships among security technologies are BEST defined through which of the following?
A. Security metrics
B. Network topology
C. Security architecture
D. Process improvement models
Correct answer: A
Question #20
Security technologies should be selected PRIMARILY on the basis of their:
A. ability to mitigate business risks
B. evaluations in trade publications
C. use of new and emerging technologies
D. benefits in comparison to their costs
Correct answer: B
Question #21
Which of the following would be the BEST option to improve accountability for a system administrator who has security functions?
A. Include security responsibilities in the job description
B. Require the administrator to obtain security certification
C. Train the system administrator on penetration testing and vulnerability assessment
D. Train the system administrator on risk assessment
Correct answer: B
Question #22
When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
A. aligned with the IT strategic plan
B. based on the current rate of technological change
C. three-to-five years for both hardware and software
D. aligned with the business strategy
Correct answer: D
Question #23
When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:
A. right-to-terminate clause
B. limitations of liability
C. service level agreement (SLA)
D. financial penalties clause
Correct answer: A
Question #24
An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?
A. Ethics
B. Proportionality
C. Integration
D. Accountability
Correct answer: A
Question #25
The PRIMARY goal in developing an information security strategy is to:
A. establish security metrics and performance monitoring
B. educate business process owners regarding their duties
C. ensure that legal and regulatory requirements are met
D. support the business objectives of the organization
Correct answer: B
Question #26
In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
A. prepare a security budget
B. conduct a risk assessment
C. develop an information security policy
D. obtain benchmarking information
Correct answer: B
Question #27
Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?
A. Alignment with industry best practices
B. Business continuity investment
C. Business benefits
D. Regulatory compliance
Correct answer: D
Question #28
Previously accepted risk should be:
A. re-assessed periodically since the risk can be escalated to an unacceptable level due to revised conditions
B. accepted permanently since management has already spent resources (time and labor) to conclude that the risk level is acceptable
C. avoided next time since risk avoidance provides the best protection to the company
D. removed from the risk log once it is accepted
Correct answer: D
Question #29
An information security manager must understand the relationship between information security and business operations in order to:
A. support organizational objectives
B. determine likely areas of noncompliance
C. assess the possible impacts of compromise
D. understand the threats to the business
Correct answer: D
Question #30
An IS manager has decided to implement a security system to monitor access to the Internet and prevent access to numerous sites. Immediately upon installation, employees flood the IT helpdesk with complaints of being unable to perform business functions on Internet sites. This is an example of:
A. conflicting security controls with organizational needs
B. strong protection of information resources
C. implementing appropriate controls to reduce risk
D. proving information security's protective abilities
Correct answer: C
Question #31
Senior management commitment and support for information security can BEST be obtained through presentations that:
A. use illustrative examples of successful attacks
B. explain the technical risks to the organization
C. evaluate the organization against best security practices
D. tie security risks to key business objectives
Correct answer: C
Question #32
An information security manager uses security metrics to measure the:
A. performance of the information security program
B. performance of the security baseline
C. effectiveness of the security risk analysis
D. effectiveness of the incident response team
Correct answer: C
Question #33
The valuation of IT assets should be performed by:
A. an IT security manager
B. an independent security consultant
C. the chief financial officer (CFO)
D. the information owner
Correct answer: C
Question #34
While implementing information security governance an organization should FIRST:
A. adopt security standards
B. determine security baselines
C. define the security strategy
D. establish security policies
Correct answer: B
Question #35
A security risk assessment exercise should be repeated at regular intervals because:
A. business threats are constantly changing
B. omissions in earlier assessments can be addressed
C. repetitive assessments allow various methodologies
D. they help raise awareness on security in the business
Correct answer: B
