
Question #1
What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?
A. Updates on information security projects in development
B. Drafts of proposed policy changes
C. Metrics of key information security deliverables
D. A list of monitored threats, risks, and exposures
Correct answer: C
Question #2
An organization is considering moving one of its critical business applications to a cloud hosting service. The cloud provider may not provide the same level of security for this application as the organization. Which of the following will provide the BEST information to help maintain the security posture?
A. Risk assessment
B. Cloud security strategy
C. Vulnerability assessment
D. Risk governance framework
Correct answer: A
Question #3
The BEST metric for evaluating the effectiveness of a firewall is the:
A. number of attacks blocked
B. number of packets dropped
C. average throughput rate
D. number of firewall rules
Correct answer: C
Question #4
Which of the following would be the BEST indicator that an organization is appropriately managing risk?
A. The number of security incident events reported by staff has increased
B. Risk assessment results are within tolerance
C. A penetration test does not identify any high-risk system vulnerabilities
D. The number of events reported from the intrusion detection system has declined
Correct answer: B
Question #5
A business previously accepted the risk associated with a zero-day vulnerability. The same vulnerability was recently exploited in a high-profile attack on another organization in the same industry. Which of the following should be the information security manager’s FIRST course of action?
A. Reassess the risk in terms of likelihood and impact
B. Develop best and worst case scenarios
C. Report the breach of the other organization to senior management
D. Evaluate the cost of remediating the vulnerability
Correct answer: B
Question #6
The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:
A. the plan aligns with the organization's business plan
B. departmental budgets are allocated appropriately to pay for the plan
C. regulatory oversight requirements are met
D. the impact of the plan on the business units is reduced
Correct answer: A
Question #7
An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What actions should the board take next?
A. Direct information security on what they need to do
B. Research solutions to determine the proper solutions
C. Require management to report on compliance
D. Nothing; information security does not report to the board
Correct answer: C
Question #8
Which of the following would be MOST useful in a report to senior management for evaluating changes in the organization’s information security risk position?
A. Risk register
B. Trend analysis
C. Industry benchmarks
D. Management action plan
Correct answer: B
Question #9
Which of the following situations would MOST inhibit the effective implementation of security governance?
A. The complexity of technology
B. Budgetary constraints
C. Conflicting business priorities
D. High-level sponsorship
Correct answer: D
Question #10
Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following would be the manager’s BEST course of action?
A. Add the outstanding risk to the acquiring organization’s risk registry
B. Re-assess the outstanding risk of the acquired company
C. Re-evaluate the risk treatment plan for the outstanding risk
D. Perform a vulnerability assessment of the acquired company’s infrastructure
Correct answer: A
Question #11
Which of the following is MOST essential for a risk management program to be effective?
A. Flexible security budget
B. Sound risk baseline
C. New risks detection
D. Accurate risk reporting
Correct answer: C
Question #12
An information security manager uses security metrics to measure the:
A. performance of the information security program
B. performance of the security baseline
C. effectiveness of the security risk analysis
D. effectiveness of the incident response team
Correct answer: C
Question #13
When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?
A. Number of controls
B. Cost of achieving control objectives
C. Effectiveness of controls
D. Test results of controls
Correct answer: D
Question #14
When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:
A. monitor for business changes
B. review the residual risk level
C. report compliance to management
D. implement controls to mitigate the risk
Correct answer: B
Question #15
When selecting risk response options to manage risk, an information security manager’s MAIN focus should be on reducing:
A. exposure to meet risk tolerance levels
B. the likelihood of threat
C. financial loss by transferring risk
D. the number of security vulnerabilities
Correct answer: A
Question #16
Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?
A. Patch management
B. Change management
C. Security metrics
D.
Correct answer: D
Question #17
A risk mitigation report would include recommendations for:
A. assessment
B. acceptance
C. evaluation
D. quantification
Correct answer: B
Question #18
The effectiveness of virus detection software is MOST dependent on which of the following?
A. Packet filtering
B. Intrusion detection
C. Software upgrades
D. Definition tables
Correct answer: A
Question #19
Which of the following is an indicator of improvement in the ability to identify security risks?
A. Increased number of reported security incidents
B. Decreased number of staff requiring information security training
C. Decreased number of information security risk assessments
D. Increased number of security audit issues resolved
Correct answer: A
Question #20
What should be the PRIMARY basis for prioritizing incident containment?
A. Legal and regulatory requirements
B. The recovery cost of affected assets
C. The business value of affected assets
D. Input from senior management
Correct answer: A
Question #21
Which of the following would be the BEST metric for the IT risk management process?
A. Number of risk management action plans
B. Percentage of critical assets with budgeted remedial
C. Percentage of unresolved risk exposures
D. Number of security incidents identified
Correct answer: B
Question #22
Which of the following devices should be placed within a DMZ?
A. Router
B. Firewall
C. Mail relay
D. Authentication server
Correct answer: B
Question #23
What is the BEST technique to determine which security controls to implement with a limited budget?
A. Risk analysis
B. Annualized loss expectancy (ALE) calculations
C. Cost-benefit analysis
D. Impact analysis
Correct answer: C
Question #24
In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?
A. Auditability of systems
B. Compliance with policies
C. Reporting of security metrics
D. Executive sponsorship
Correct answer: A
Question #25
In a business impact analysis, the value of an information system should be based on the overall cost:
A. of recovery
B. to recreate
C. if unavailable
D. of emergency operations
Correct answer: C
Question #26
Which of the following is the BEST method to protect against data exposure when a mobile device is stolen?
A. Remote wipe capability
B. Password protection
C. Insurance
D. Encryption
Correct answer: A
Question #27
To justify the need to invest in a forensic analysis tool, an information security manager should FIRST:
A. review the functionalities and implementation requirements of the solution
B. review comparison reports of tool implementation in peer companies
C. provide examples of situations where such a tool would be useful
D. substantiate the investment in meeting organizational needs
Correct answer: D
Question #28
Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?
A. Security compliant servers trend report
B. Percentage of security compliant servers
C. Number of security patches applied
D. Security patches applied trend report
Correct answer: D
Question #29
Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:
A. inform senior management
B. update the risk assessment
C. validate the user acceptance testing
D. modify key risk indicators
Correct answer: A
Question #30
The data access requirements for an application should be determined by the:
A. legal department
B. compliance officer
C. information security manager
D. business owner
Correct answer: D
Question #31
The information classification scheme should:
A. consider possible impact of a security breach
B. classify personal information in electronic form
C. be performed by the information security manager
D. classify systems according to the data processed
Correct answer: B
Question #32
A mission-critical system has been identified as having an administrative system account with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?
A. Prevent the system from being accessed remotely
B. Create a strong random password
C. Ask for a vendor patch
D. Track usage of the account by audit trails
Correct answer: B
Question #33
The MOST important reason for conducting periodic risk assessments is because:
A. risk assessments are not always precise
B. security risks are subject to frequent change
C. reviewers can optimize and reduce the cost of controls
D. it demonstrates to senior management that the security function can add value
Correct answer: B
Question #34
When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
A. Risk assessments must be conducted by certified staff
B. The methodology must be approved by the chief executive officer
C. Risk assessments must be reviewed annually
D. The methodology used must be consistent across the organization
Correct answer: D
Question #35
What is the MOST important item to be included in an information security policy?
Correct answer: B
Question #36
A global financial institution has decided not to take any further action on a denial of service (DoS) risk found by the risk assessment team. The MOST likely reason they made this decision is that:
A. there are sufficient safeguards in place to prevent this risk from happening
B. the needed countermeasure is too complicated to deploy
C. the cost of countermeasure outweighs the value of the asset and potential loss
D. the likelihood of the risk occurring is unknown
Correct answer: C
Question #37
Who can BEST approve plans to implement an information security governance framework?
Correct answer: A
Question #38
Which of the following BEST provides message integrity, sender identity authentication and nonrepudiation?
A. Symmetric cryptography
B. Public key infrastructure (PKI)
C. Message hashing
D. Message authentication code
Correct answer: C
Question #39
When application-level security controlled by business process owners is found to be poorly managed, which of the following could BEST improve current practices?
A. Centralizing security management
B. Implementing sanctions for noncompliance
C. Policy enforcement by IT management
D. Periodic compliance reviews
Correct answer: D
Question #40
Who can BEST advocate the development of and ensure the success of an information security program?
A. Internal auditor
B. Chief operating officer (COO)
C. Steering committee
D. IT management
Correct answer: A
Question #41
Who should drive the risk analysis for an organization?
A. Senior management
B. Security manager
C.
D. Legal department
Correct answer: B
Question #42
The effectiveness of the information security process is reduced when an outsourcing organization:
A. is responsible for information security governance activities
B. receives additional revenue when security service levels are met
C. incurs penalties for failure to meet security service-level agreements
D. standardizes on a single access-control software product
Correct answer: A
Question #43
Acceptable risk is achieved when:
A. residual risk is minimized
B. transferred risk is minimized
C. control risk is minimized
D. inherent risk is minimized
Correct answer: A
Question #44
In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
A. prepare a security budget
B. conduct a risk assessment
C. develop an information security policy
D. obtain benchmarking information
Correct answer: B
Question #45
An incident was detected where customer records were altered without authorization. The GREATEST concern for forensic analysis would be that the log data:
A. has been disclosed
B. could be temporarily available
C. may not be time-synchronized
D. may be modified
Correct answer: D
Question #46
Effective IT governance is BEST ensured by:
A. utilizing a bottom-up approach
B. management by the IT department
C. referring the matter to the organization's legal department
D. utilizing a top-down approach
Correct answer: D
Question #47
Which of the following is the BEST way to facilitate the alignment between an organization’s information security program and business objectives?
A. Information security is considered at the feasibility stage of all IT projects
B. The information security governance committee includes representation from key business areas
C. The chief executive officer reviews and approves the information security program
D. The information security program is audited by the internal audit department
Correct answer: B
Question #48
Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?
A. Use security tokens for authentication
B. Connect through an IPSec VPN
C. Use https with a server-side certificate
D. Enforce static media access control (MAC) addresses
Correct answer: A
Question #49
Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?
A. Maturity of security processes
B. Remediation of audit findings
C. Decentralization of security governance
D. Establishment of security governance
Correct answer: D
Question #50
How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?
A. Give organization standards preference over local regulations
B. Follow local regulations only
C. Make the organization aware of those standards where local regulations cause conflicts
D. Negotiate a local version of the organization standards
Correct answer: D
Question #51
Business units within an organization are resistant to proposed changes to the information security program. Which of the following is the BEST way to address this issue?
A. Implementing additional security awareness training
B. Communicating critical risk assessment results to business unit managers
C. Including business unit representation on the security steering committee
D. Publishing updated information security policies
Correct answer: B
Question #52
Which of the following is MOST effective in preventing security weaknesses in operating systems?
A. Patch management
B. Change management
C. Security baselines
D. Configuration management
Correct answer: C
Question #53
Which of the following is the BEST metric for evaluating the effectiveness of an intrusion detection mechanism?
A. Number of attacks detected
B. Number of successful attacks
C. Ratio of false positives to false negatives
D. Ratio of successful to unsuccessful attacks
Correct answer: C
Question #54
Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices?
A. Regular review of access control lists
B. Security guard escort of visitors
C. Visitor registry log at the door
D. A biometric coupled with a PIN
Correct answer: B
Question #55
Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?
A. Screened subnets
B. Information classification policies and procedures
C. Role-based access controls
D. Intrusion detection system (IDS)
Correct answer: D
Question #56
An organization has recently experienced unauthorized device access to its network. To proactively manage the problem and mitigate this risk, the BEST preventive control would be to:
A. keep an inventory of network and hardware addresses of all systems connected to the network
B. install a stateful inspection firewall to prevent unauthorized network traffic
C. implement network-level authentication and login to regulate access of devices to the network
D. deploy an automated asset inventory discovery tool to identify devices that access the network
Correct answer: B
Question #57
Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?
A. Biometric authentication
B. Embedded steganographic
C. Two-factor authentication
D. Embedded digital signature
Correct answer: C
