
Question #1
When performing a risk assessment, the MOST important consideration is that:
A. management supports risk mitigation efforts
B. annual loss expectations (ALEs) have been calculated for critical assets
C. assets have been identified and appropriately valued
D. attack motives, means and opportunities be understood
Correct answer: A
Question #2
What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?
A. Risk assessment report
B. Technical evaluation report
C. Business case
D. Budgetary requirements
Correct answer: D
Question #3
Which of the following is the MOST appropriate method of ensuring password strength in a large organization?
A. Attempt to reset several passwords to weaker values
B. Install code to capture passwords for periodic audit
C. Sample a subset of users and request their passwords for review
D. Review general security settings on each platform
Correct answer: B
Question #4
Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?
A. SWOT analysis
B. Waterfall chart
C. Gap analysis
D. Balanced scorecard
Correct answer: C
Question #5
Risk assessment is MOST effective when performed:
A. at the beginning of security program development
B. on a continuous basis
C. while developing the business case for the security program
D. during the business change process
Correct answer: B
Question #6
One way to determine control effectiveness is by determining:
A. whether it is preventive, detective or compensatory
B. the capability of providing notification of failure
C. the test results of intended objectives
D. the evaluation and analysis of reliability
Correct answer: C
Question #7
Which of the following provides the BEST confirmation that the business continuity/disaster recovery plan objectives have been achieved?
A. The recovery time objective (RTO) was not exceeded during testing
B. Objective testing of the business continuity/disaster recovery plan has been carried out consistently
C. The recovery point objective (RPO) was proved inadequate by disaster recovery plan testing
D. Information assets have been valued and assigned to owners per the business continuity plan/disaster recovery plan
Correct answer: D
Question #8
Which of the following is the BEST approach for an organization desiring to protect its intellectual property?
A. Conduct awareness sessions on intellectual property policy
B. Require all employees to sign a nondisclosure agreement
C. Promptly remove all access when an employee leaves the organization
D. Restrict access to a need-to-know basis
Correct answer: C
Question #9
A security risk assessment exercise should be repeated at regular intervals because:
A. business threats are constantly changing
B. omissions in earlier assessments can be addressed
C. repetitive assessments allow various methodologies
D. they help raise awareness on security in the business
Correct answer: B
Question #10
Obtaining senior management support for establishing a warm site can BEST be accomplished by:
A. establishing a periodic risk assessment
B. promoting regulatory requirements
C. developing a business case
D. developing effective metrics
Correct answer: A
Question #11
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do FIRST?
A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the server
Correct answer: D
Question #12
An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID in the URL used for accessing the account. The vulnerability identified is:
A. broken authentication
B. unvalidated input
C. cross-site scripting
D. Structured query language (SQL) injection
Correct answer: D
Question #13
In order to highlight to management the importance of network security, the security manager should FIRST:
A. develop a security architecture
B. install a network intrusion detection system (NIDS) and prepare a list of attacks
C. develop a network security policy
D. conduct a risk assessment
Correct answer: A
Question #14
What is the BEST way to alleviate security team understaffing while retaining the capability in-house?
A. Hire a contractor that would not be included in the permanent headcount
B. Outsource with a security services provider while retaining the control internally
C. Establish a virtual security team from competent employees across the company
D. Provide cross training to minimize the existing resources gap
Correct answer: C
Question #15
Successful social engineering attacks can BEST be prevented through:
A. pre-employment screening
B. close monitoring of users' access patterns
C. periodic awareness training
D. efficient termination procedures
Correct answer: A
Question #16
There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?
A. Identify the vulnerable systems and apply compensating controls
B. Minimize the use of vulnerable systems
C. Communicate the vulnerability to system users
D. Update the signatures database of the intrusion detection system (IDS)
Correct answer: D
Question #17
A risk assessment should be conducted:
A. once a year for each business process and subprocess
B. every three to six months for critical business processes
C. by external parties to maintain objectivity
D. annually or whenever there is a significant change
Correct answer: C
Question #18
Which of the following is the MAIN reason for performing risk assessment on a continuous basis?
A. Justification of the security budget must be continually made
B. New vulnerabilities are discovered every day
C. The risk environment is constantly changing
D. Management needs to be continually informed about emerging risks
Correct answer: B
Question #19
When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:
A. right-to-terminate clause
B. limitations of liability
C. service level agreement (SLA)
D. financial penalties clause
Correct answer: A
Question #20
Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?
A. Request a list of the software to be used
B. Provide clear directions to IT staff
C. Monitor intrusion detection system (IDS) and firewall logs closely
D. Establish clear rules of engagement
Correct answer: C
Question #21
Which of the following is the MOST critical consideration when collecting and preserving admissible evidence during an incident response?
A. Unplugging the systems
B. Chain of custody
C. Separation of duties
D. Clock synchronization
Correct answer: C
Question #22
Which would be the BEST recommendation to protect against phishing attacks?
A. Install an antispam system
B. Publish security guidance for customers
C. Provide security awareness to the organization's staff
D. Install an application-level firewall
Correct answer: A
Question #23
The MOST complete business case for security solutions is one that:
A. includes appropriate justification
B. explains the current risk profile
C. details regulatory requirements
D. identifies incidents and losses
Correct answer: C
Question #24
An organization has learned of a security breach at another company that utilizes similar technology. The FIRST thing the information security manager should do is:
A. assess the likelihood of incidents from the reported cause
B. discontinue the use of the vulnerable technology
C. report to senior management that the organization is not affected
D. remind staff that no similar security breaches have taken place
Correct answer: C
Question #25
An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RFP) is the:
A. references from other organizations
B. past experience of the engagement team
C. sample deliverable
D. methodology used in the assessment
Correct answer: A
Question #26
The MOST useful way to describe the objectives in the information security strategy is through:
A. attributes and characteristics of the 'desired state'
B. overall control objectives of the security program
C. mapping the IT systems to key business processes
D. calculation of annual loss expectations
Correct answer: B
Question #27
Which of the following provides the BEST confirmation that the business continuity/disaster recovery plan objectives have been achieved?
A. The recovery time objective (RTO) was not exceeded during testing
B. Objective testing of the business continuity/disaster recovery plan has been carried out consistently
C. The recovery point objective (RPO) was proved inadequate by disaster recovery plan testing
D. Information assets have been valued and assigned to owners per the business continuity plan/disaster recovery plan
Correct answer: A
Question #28
What is the BEST method for mitigating against network denial of service (DoS) attacks?
A. Ensure all servers are up to date on OS patches
B. Employ packet filtering to drop suspect packets
C. Implement network address translation to make internal addresses nonroutable
D. Implement load balancing for Internet-facing devices
Correct answer: A
Question #29
Security technologies should be selected PRIMARILY on the basis of their:
A. ability to mitigate business risks
B. evaluations in trade publications
C. use of new and emerging technologies
D. benefits in comparison to their costs
Correct answer: C
Question #30
Several business units reported problems with their systems after multiple security patches were deployed. The FIRST step in handling this problem would be to:
A. assess the problems and institute rollback procedures, if needed
B. disconnect the systems from the network until the problems are corrected
C. immediately uninstall the patches from these systems
D. immediately contact the vendor regarding the problems that occurred
Correct answer: A
Question #31
What is the MOST cost-effective method of identifying new vendor vulnerabilities?
A. External vulnerability reporting sources
B. Periodic vulnerability assessments performed by consultants
C. Intrusion prevention software
D. Honeypots located in the DMZ
Correct answer: A
Question #32
A digital signature using a public key infrastructure (PKI) will:
A. not ensure the integrity of a message
B. rely on the extent to which the certificate authority (CA) is trusted
C. require two parties to the message exchange
D. provide a high level of confidentiality
Correct answer: B
Question #33
The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:
A. identifying vulnerabilities in the system
B. sustaining the organization's security posture
C. the existing systems that will be affected
D. complying with segregation of duties
Correct answer: B
Question #34
From an information security manager's perspective, what is the immediate benefit of clearly defined roles and responsibilities?
A. Enhanced policy compliance
B. Improved procedure flows
C. Segregation of duties
D. Better accountability
Correct answer: D
Question #35
The implementation of continuous monitoring controls is the BEST option where:
A. Incidents may have a high impact and frequency
B. Legislation requires strong information security controls
C. Incidents may have a high impact but low frequency
D. Electronic commerce is a primary business driver
Correct answer: A
Question #36
The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:
A. ensure the confidentiality of sensitive material
B. provide a high assurance of identity
C. allow deployment of the active directory
D. implement secure sockets layer (SSL) encryption
Correct answer: A
Question #37
An organization has to comply with recently published industry regulatory requirements, compliance that potentially has high implementation costs. What should the information security manager do FIRST?
A. Implement a security committee
B. Perform a gap analysis
C. Implement compensating controls
D. Demand immediate compliance
Correct answer: B
Question #38
To achieve effective strategic alignment of security initiatives, it is important that:
A. steering committee leadership be selected by rotation
B. inputs be obtained and consensus achieved between the major organizational units
C. the business strategy be updated periodically
D. procedures and standards be approved by all departmental heads
Correct answer: C
Question #39
The MOST important factor in ensuring the success of an information security program is effective:
A. communication of information security requirements to all users in the organization
B. formulation of policies and procedures for information security
C. alignment with organizational goals and objectives
D. monitoring compliance with information security policies and procedures
Correct answer: C
Question #40
Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?
A. Annual loss expectancy (ALE) of incidents
B. Frequency of incidents
C. Total cost of ownership (TCO)
D. Approved budget for the project
Correct answer: D
Question #41
Which of the following would be the MOST relevant factor when defining the information classification policy?
A. Quantity of information
B. Available IT infrastructure
C. Benchmarking
D. Requirements of data owners
Correct answer: C
Question #42
Which of the following is MOST important in developing a security strategy?
A. Creating a positive business security environment
B. Understanding key business objectives
C. Having a reporting line to senior management
D. Allocating sufficient resources to information security
Correct answer: B
