Question #1
Which of the following attacks is BEST mitigated by utilizing strong passwords?
A. Man-in-the-middle attack
B. Brute force attack
C. Remote buffer overflow
D. Root kit
Correct answer: B
Question #2
Which of the following areas is MOST susceptible to the introduction of security weaknesses?
A. Database management
B. Tape backup management
C. Configuration management
D. Incident response management
Correct answer: B
Question #3
Which of the following would generally have the GREATEST negative impact on an organization?
A. Theft of computer software
B. Interruption of utility services
C. Loss of customer confidence
D. Internal fraud resulting in monetary loss
Correct answer: A
Question #4
An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:
A. mitigate the impact by purchasing insurance
B. implement a circuit-level firewall to protect the network
C. increase the resiliency of security measures in place
D. implement a real-time intrusion detection system
Correct answer: B
Question #5
Security monitoring mechanisms should PRIMARILY:
A. focus on business-critical information
B. assist owners to manage control risks
C. focus on detecting network intrusions
D. record all security violations
Correct answer: B
Question #6
After a risk assessment study, a bank with global operations decided to continue doing business in certain regions of the world where identity theft is rampant. The information security manager should encourage the business to:
A. increase its customer awareness efforts in those regions
B. implement monitoring techniques to detect and react to potential fraud
C. outsource credit card processing to a third party
D. make the customer liable for losses if they fail to follow the bank's advice
Correct answer: B
Question #7
An organization plans to outsource its customer relationship management (CRM) to a third-party service provider. Which of the following should the organization do FIRST?
A. Request that the third-party provider perform background checks on their employees
B. Perform an internal risk assessment to determine needed controls
C. Audit the third-party provider to evaluate their security controls
D. Perform a security assessment to detect security vulnerabilities
Correct answer: C
Question #8
The PRIMARY purpose of using risk analysis within a security program is to:
A. justify the security expenditure
B. help businesses prioritize the assets to be protected
C. inform executive management of residual risk value
D. assess exposures and plan remediation
Correct answer: B
Question #9
To justify the need to invest in a forensic analysis tool, an information security manager should FIRST:
A. review the functionalities and implementation requirements of the solution
B. review comparison reports of tool implementation in peer companies
C. provide examples of situations where such a tool would be useful
D. substantiate the investment in meeting organizational needs
Correct answer: D
Question #10
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do FIRST?
A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the server
Correct answer: A
Question #11
The systems administrator did not immediately notify the security officer about a malicious attack. An information security manager could prevent this situation by:
A. periodically testing the incident response plans
B. regularly testing the intrusion detection system (IDS)
C. establishing mandatory training of all personnel
D. periodically reviewing incident response procedures
Correct answer: D
Question #12
During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?
A. Feasibility
B. Design
C. Development
D. Testing
Correct answer: C
Question #13
The BEST way to ensure that information security policies are followed is to:
A. distribute printed copies to all employees
B. perform periodic reviews for compliance
C. include escalating penalties for noncompliance
D. establish an anonymous hotline to report policy abuses
Correct answer: A
Question #14
Which of the following is the BEST approach to mitigate online brute-force attacks on user accounts?
A. Passwords stored in encrypted form
B. User awareness
C. Strong passwords that are changed periodically
D. Implementation of lock-out policies
Correct answer: A
Question #15
Which of the following would be the FIRST step in establishing an information security program?
A. Develop the security policy
B. Develop security operating procedures
C. Develop the security plan
D. Conduct a security controls study
Correct answer: A
Question #16
Which of the following is the MAIN reason for performing risk assessment on a continuous basis?
A. Justification of the security budget must be continually made
B. New vulnerabilities are discovered every day
C. The risk environment is constantly changing
D. Management needs to be continually informed about emerging risks
Correct answer: C
Question #17
The decision on whether new risks should fall under periodic or event-driven reporting should be based on which of the following?
A. Mitigating controls
B. Visibility of impact
C. Likelihood of occurrence
D. Incident frequency
Correct answer: D
Question #18
An effective way of protecting applications against Structured Query Language (SQL) injection vulnerability is to:
A. validate and sanitize client side inputs
B. harden the database listener component
C. normalize the database schema to the third normal form
D. ensure that the security patches are updated on operating systems
Correct answer: A
Question #19
Which of the following BEST indicates a successful risk management practice?
A. Overall risk is quantified
B. Inherent risk is eliminated
C. Residual risk is minimized
D. Control risk is tied to business units
Correct answer: A
Question #20
A multinational organization operating in fifteen countries is considering implementing an information security program. Which factor will MOST influence the design of the information security program?
A. Representation by regional business leaders
B. Composition of the board
C. Cultures of the different countries
D. IT security skills
Correct answer: A
Question #21
A risk management program would be expected to:
A. remove all inherent risk
B. maintain residual risk at an acceptable level
C. implement preventive controls for every threat
D. reduce control risk to zero
Correct answer: A
Question #22
In assessing risk, it is MOST essential to:
A. provide equal coverage for all asset types
B. use benchmarking data from similar organizations
C. consider both monetary value and likelihood of loss
D. focus primarily on threats and recent business losses
Correct answer: B
Question #23
An information security manager has been assigned to implement more restrictive preventive controls. By doing so, the net effect will be to PRIMARILY reduce the:
A. threat
B. loss
C. vulnerability
D. probability
Correct answer: C
Question #24
What is the MOST cost-effective means of improving security awareness of staff personnel?
A. Employee monetary incentives
B. User education and training
C. A zero-tolerance security policy
D. Reporting of security infractions
Correct answer: A
Question #25
The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:
A. sales department
B. database administrator
C. chief information officer (CIO)
D. head of the sales department
Correct answer: C
Question #26
Which of the following is the BEST metric for evaluating the effectiveness of an intrusion detection mechanism?
A. Number of attacks detected
B. Number of successful attacks
C. Ratio of false positives to false negatives
D. Ratio of successful to unsuccessful attacks
Correct answer: C
Question #27
There is reason to believe that a recently modified web application has allowed unauthorized access. Which is the BEST way to identify an application backdoor?
A. Black box pen test
B. Security audit
C. Source code review
D. Vulnerability scan
Correct answer: A
Question #28
When performing a risk assessment, the MOST important consideration is that:
A. management supports risk mitigation efforts
B. annual loss expectations (ALEs) have been calculated for critical assets
C. assets have been identified and appropriately valued
D. attack motives, means and opportunities be understood
Correct answer: B
Question #29
Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?
A. Tests are scheduled on weekends
B. Network IP addresses are predefined
C. Equipment at the hot site is identical
D. Business management actively participates
Correct answer: B
Question #30
Security awareness training should be provided to new employees:
A. on an as-needed basis
B. during system user training
C. before they have access to data
D. along with department staff
Correct answer: B
Question #31
Which of the following is MOST effective in preventing security weaknesses in operating systems?
A. Patch management
B. Change management
C. Security baselines
D. Configuration management
Correct answer: C
Question #32
Logging is an example of which type of defense against systems compromise?
A. Containment
B. Detection
C.
D. Recovery
Correct answer: B
Question #33
Several business units reported problems with their systems after multiple security patches were deployed. The FIRST step in handling this problem would be to:
A. assess the problems and institute rollback procedures, if needed
B. disconnect the systems from the network until the problems are corrected
C. immediately uninstall the patches from these systems
D. immediately contact the vendor regarding the problems that occurred
Correct answer: A
Question #34
The BEST time to perform a penetration test is after:
A. an attempted penetration has occurred
B. an audit has reported weaknesses in security controls
C. various infrastructure changes are made
D. a high turnover in systems staff
Correct answer: D
Question #35
Which of the following is generally considered a fundamental component of an information security program?
A. Role-based access control systems
B. Automated access provisioning
C. Security awareness training
D. Intrusion prevention systems (IPSs)
Correct answer: C
Question #36
The MOST appropriate individual to determine the level of information security needed for a specific business application is the:
A. system developer
B. information security manager
C. steering committee
D. system data owner
Correct answer: C
Question #37
Who can BEST approve plans to implement an information security governance framework?
A. Internal auditor
B. Information security management
C. Steering committee
D. Infrastructure management
Correct answer: A
Question #38
When application-level security controlled by business process owners is found to be poorly managed, which of the following could BEST improve current practices?
A. Centralizing security management
B. Implementing sanctions for noncompliance
C. Policy enforcement by IT management
D. Periodic compliance reviews
Correct answer: A
Question #39
Data owners are PRIMARILY responsible for establishing risk mitigation methods to address which of the following areas?
A. Platform security
B. Entitlement changes
C. Intrusion detection
D. Antivirus controls
Correct answer: A
Question #40
For risk management purposes, the value of an asset should be based on:
A. original cost
B. net cash flow
C. net present value
Correct answer: C
Question #41
An organization is entering into an agreement with a new business partner to conduct customer mailings. What is the MOST important action that the information security manager needs to perform?
A. A due diligence security review of the business partner's security controls
B. Ensuring that the business partner has an effective business continuity program
C. Ensuring that the third party is contractually obligated to all relevant security requirements
D. Talking to other clients of the business partner to check references for performance
Correct answer: B
Question #42
A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?
A. Exclusive use of the hot site is limited to six weeks
B. The hot site may have to be shared with other customers
C. The time of declaration determines site access priority
D. The provider services all major companies in the area
Correct answer: C
Question #43
An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:
A. an audit of the service provider uncovers no significant weakness
B. the contract includes a nondisclosure agreement (NDA) to protect the organization's intellectual property
C. the contract should mandate that the service provider will comply with security policies
D. the third-party service provider conducts regular penetration testing
Correct answer: C