Question #1
The FIRST step in an incident response plan is to:
A. notify the appropriate individuals
B. contain the effects of the incident to limit damage
C. develop response strategies for systematic attacks
D. validate the incident
Correct answer: C
Question #2
The MOST effective way to ensure that outsourced service providers comply with the organization's information security policy would be:
A. service level monitoring
B. penetration testing
C. periodically auditing
D. security awareness training
Correct answer: B
Question #3
Identification and prioritization of business risk enables project managers to:
A. establish implementation milestones
B. reduce the overall amount of slack time
C. address areas with most significance
D. accelerate completion of critical paths
Correct answer: D
Question #4
Which of the following is the MOST usable deliverable of an information security risk analysis?
A. Business impact analysis (BIA) report
B. List of action items to mitigate risk
C. Assignment of risks to process owners
D. Quantification of organizational risk
Correct answer: D
Question #5
After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?
A. Senior management
B. Business manager
C. IT audit manager
D. Information security officer (ISO)
Correct answer: D
Question #6
Which of the following BEST ensures that information transmitted over the Internet will remain confidential?
A. Virtual private network (VPN)
B. Firewalls and routers
C. Biometric authentication
D. Two-factor authentication
Correct answer: C
Question #7
A business impact analysis (BIA) is the BEST tool for calculating:
A. total cost of ownership
B. priority of restoration
C. annualized loss expectancy (ALE)
D. residual risk
Correct answer: B
Question #8
To justify the establishment of an incident management team, an information security manager would find which of the following to be the MOST effective?
A. Assessment of business impact of past incidents
B. Need of an independent review of incident causes
C. Need for constant improvement on the security level
D. Possible business benefits from incident impact reduction
Correct answer: C
Question #9
The BEST strategy for risk management is to:
A. achieve a balance between risk and organizational goals
B. reduce risk to an acceptable level
C. ensure that policy development properly considers organizational risks
D. ensure that all unmitigated risks are accepted by management
Correct answer: B
Question #10
Which of the following risks would BEST be assessed using qualitative risk assessment techniques?
A. Theft of purchased software
B. Power outage lasting 24 hours
C. Permanent decline in customer confidence
D. Temporary loss of e-mail due to a virus attack
Correct answer: C
Question #11
A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited. What process should the information security manager deploy to determine the necessity for remedial action?
A. A penetration test
B. A security baseline review
C. A risk assessment
D. A business impact analysis (BIA)
Correct answer: A
Question #12
Ongoing tracking of remediation efforts to mitigate identified risks can BEST be accomplished through the use of which of the following?
A. Tree diagrams
B. Venn diagrams
C. Heat charts
D. Bar charts
Correct answer: B
Question #13
Because of its importance to the business, an organization wants to quickly implement a technical solution which deviates from the company's policies. An information security manager should:
A. conduct a risk assessment and allow or disallow based on the outcome
B. recommend a risk assessment and implementation only if the residual risks are accepted
C. recommend against implementation because it violates the company's policies
D. recommend revision of current policy
Correct answer: A
Question #14
During the security review of organizational servers it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:
A. copy sample files as evidence
B. remove access privileges to the folder containing the data
C. report this situation to the data owner
D. train the HR team on properly controlling file permissions
Correct answer: B
Question #15
All risk management activities are PRIMARILY designed to reduce impacts to:
A. a level defined by the security manager
B. an acceptable level based on organizational risk tolerance
C. a minimum level consistent with regulatory requirements
D. the minimum level possible
Correct answer: C
Question #16
The MOST important objective of a post incident review is to:
A. capture lessons learned to improve the process
B. develop a process for continuous improvement
C. develop a business case for the security program budget
D. identify new incident management tools
Correct answer: C
Question #17
The BEST protocol to ensure confidentiality of transmissions in a business-to-customer (B2C) financial web application is:
A. Secure Sockets Layer (SSL)
B. Secure Shell (SSH)
C. IP Security (IPSec)
D. Secure/Multipurpose Internet Mail Extensions (S/MIME)
Correct answer: C
Question #18
Which of the following is the MOST effective type of access control?
A. Centralized
B. Role-based
C. Decentralized
D. Discretionary
Correct answer: A
Question #19
The criticality and sensitivity of information assets is determined on the basis of:
A. threat assessment
B. vulnerability assessment
C.
D. impact assessment
Correct answer: B
Question #20
Who can BEST approve plans to implement an information security governance framework?
A. Internal auditor
B. Information security management
C. Steering committee
D. Infrastructure management
Correct answer: A
Question #21
Which of the following devices should be placed within a demilitarized zone (DMZ)?
A. Network switch
B. Web server
C. Database server
D. File/print server
Correct answer: C
Question #22
There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?
A. Identify the vulnerable systems and apply compensating controls
B. Minimize the use of vulnerable systems
C. Communicate the vulnerability to system users
D. Update the signatures database of the intrusion detection system (IDS)
Correct answer: B
Question #23
A customer credit card database has been breached by hackers. The FIRST step in dealing with this attack should be to:
A. confirm the incident
C. start containment
D. notify law enforcement
Correct answer: D
Question #24
Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices?
A. Regular review of access control lists
B. Security guard escort of visitors
C. Visitor registry log at the door
D. A biometric coupled with a PIN
Correct answer: A
Question #25
When implementing security controls, an information security manager must PRIMARILY focus on:
A. minimizing operational impacts
B. eliminating all vulnerabilities
C. usage by similar organizations
D. certification from a third party
Correct answer: D
Question #26
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do FIRST?
A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the server
Correct answer: D
Question #27
Which of the following would be the BEST metric for the IT risk management process?
A. Number of risk management action plans
B. Percentage of critical assets with budgeted remedial
C. Percentage of unresolved risk exposures
D. Number of security incidents identified
Correct answer: B
Question #28
Which of the following disaster recovery testing techniques is the MOST cost-effective way to determine the effectiveness of the plan?
A. Preparedness tests
B.
C. Full operational tests
D. Actual service disruption
Correct answer: B
Question #29
When application-level security controlled by business process owners is found to be poorly managed, which of the following could BEST improve current practices?
A. Centralizing security management
B. Implementing sanctions for noncompliance
C. Policy enforcement by IT management
D. Periodic compliance reviews
Correct answer: A
Question #30
Which of the following is the MOST important consideration when securing customer credit card data acquired by a point-of-sale (POS) cash register?
A. Authentication
B. Hardening
C. Encryption
D. Nonrepudiation
Correct answer: C
Question #31
Who would be in the BEST position to determine the recovery point objective (RPO) for business applications?
A. Business continuity coordinator
B. Chief operations officer (COO)
C. Information security manager
D. Internal audit
Correct answer: C
Question #32
The MOST important reason that statistical anomaly-based intrusion detection systems (stat IDSs) are less commonly used than signature-based IDSs is that stat IDSs:
A. create more overhead than signature-based IDSs
B. cause false positives from minor changes to system variables
C. generate false alarms from varying user or system actions
D. cannot detect new types of attacks
Correct answer: C
Question #33
Which of the following is MOST effective in preventing security weaknesses in operating systems?
A. Patch management
B. Change management
C. Security baselines
D. Configuration management
Correct answer: C
Question #34
To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?
A. Database server
B. Domain name server (DNS)
C. Time server
D. Proxy server
Correct answer: B
Question #35
The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:
A. sales department
B. database administrator
C. chief information officer (CIO)
D. head of the sales department
Correct answer: D