Question #1
The MOST important function of a risk management program is to:
A. quantify overall risk
B. minimize residual risk
C. eliminate inherent risk
D. maximize the sum of all annualized loss expectancies (ALEs)
Correct answer: B
Question #2
The PRIMARY goal of a corporate risk management program is to ensure that an organization's:
A. IT assets in key business functions are protected
B. business risks are addressed by preventive controls
C. stated objectives are achievable
D. IT facilities and systems are always available
Correct answer: C
Question #3
The PRIMARY objective of a security steering group is to:
A. ensure information security covers all business functions
B. ensure information security aligns with business goals
C. raise information security awareness across the organization
D. implement all decisions on security management across the organization
Correct answer: B
Question #4
An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:
A. performance measurement
B. integration
C. alignment
D. value delivery
Correct answer: C
Question #5
Which of the following is the BEST method or technique to ensure the effective implementation of an information security program?
A. Obtain the support of the board of directors
B. Improve the content of the information security awareness program
C. Improve the employees' knowledge of security policies
D. Implement logical access controls to the information systems
Correct answer: A
Question #6
Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?
A. Defining job roles
B. Performing a risk assessment
C. Identifying data owners
D. Establishing data retention policies
Correct answer: D
Question #7
Who would be in the BEST position to determine the recovery point objective (RPO) for business applications?
A. Business continuity coordinator
B. Chief operations officer (COO)
C. Information security manager
D. Internal audit
Correct answer: B
Question #8
The PRIMARY benefit of performing an information asset classification is to:
A. link security requirements to business objectives
B. identify controls commensurate to risk
C. define access rights
D. establish ownership
Correct answer: B
Question #9
In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:
A. develop an operational plan for achieving compliance with the legislation
B. identify systems and processes that contain privacy components
C. restrict the collection of personal information until compliant
D. identify privacy legislation in other countries that may contain similar requirements
Correct answer: D
Question #10
Data owners are PRIMARILY responsible for establishing risk mitigation methods to address which of the following areas?
A. Platform security
B. Entitlement changes
C. Intrusion detection
D. Antivirus controls
Correct answer: B
Question #11
The FIRST step in establishing a security governance program is to:
A. conduct a risk assessment
B. conduct a workshop for all end users
C. prepare a security budget
D. obtain high-level sponsorship
Correct answer: D
Question #12
A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?
A. Access control policy
B. Data classification policy
C. Encryption standards
D. Acceptable use policy
Correct answer: B
Question #13
Reviewing which of the following would BEST ensure that security controls are effective?
A. Risk assessment policies
B. Return on security investment
C. Security metrics
D. User access rights
Correct answer: C
Question #14
An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:
A. corporate data privacy policy
B. data privacy policy where data are collected
C. data privacy policy of the headquarters' country
D. data privacy directive applicable globally
Correct answer: B
Question #15
Which of the following devices should be placed within a DMZ?
A. Router
B. Firewall
C. Mail relay
D. Authentication server
Correct answer: A
Question #16
An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:
A. mitigate the impact by purchasing insurance
B. implement a circuit-level firewall to protect the network
C. increase the resiliency of security measures in place
Correct answer: D
Question #17
Investments in information security technologies should be based on:
A. vulnerability assessments
B. value analysis
C. business climate
D. audit recommendations
Correct answer: B
Question #18
One way to determine control effectiveness is by determining:
A. whether it is preventive, detective or compensatory
B. the capability of providing notification of failure
C. the test results of intended objectives
D. the evaluation and analysis of reliability
Correct answer: C
Question #19
After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?
A. Information security officer
B. Chief information officer (CIO)
C. Business owner
D. Chief executive officer (CEO)
Correct answer: A
Question #20
When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?
A. Compliance with international security standards
B. Use of a two-factor authentication system
C. Existence of an alternate hot site in case of business disruption
D. Compliance with the organization's information security requirements
Correct answer: D
Question #21
A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?
A. Examples of genuine incidents at similar organizations
B. Statement of generally accepted best practices
C. Associating realistic threats to corporate objectives
D.
Correct answer: C
Question #22
Who in an organization has the responsibility for classifying information?
A. Data custodian
B. Database administrator
C. Information security officer
D. Data owner
Correct answer: D
Question #23
Who is responsible for ensuring that information is categorized and that specific protective measures are taken?
A. The security officer
B.
C. The end user
D. The custodian
Correct answer: B
Question #24
At what stage of the applications development process should the security department initially become involved?
A. When requested
B. At testing
C. At programming
D. At detail requirements
Correct answer: D
Question #25
Which of the following is the MOST important to keep in mind when assessing the value of information?
A. The potential financial loss
B.
C. The cost of insurance coverage
D. Regulatory requirement
Correct answer: A
Question #26
Which of the following would a security manager establish to determine the target for restoration of normal processing?
A. Recovery time objective (RTO)
B. Maximum tolerable outage (MTO)
C. Recovery point objectives (RPOs)
D. Services delivery objectives (SDOs)
Correct answer: C
Question #27
An organization has to comply with recently published industry regulatory requirements, compliance that potentially has high implementation costs. What should the information security manager do FIRST?
A. Implement a security committee
C. Implement compensating controls
D. Demand immediate compliance
Correct answer: C
Question #28
Which of the following risks would BEST be assessed using qualitative risk assessment techniques?
A. Theft of purchased software
B. Power outage lasting 24 hours
C. Permanent decline in customer confidence
D. Temporary loss of e-mail due to a virus attack
Correct answer: C
Question #29
Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
A. Chief security officer (CSO)
B. Chief operating officer (COO)
C. Chief privacy officer (CPO)
D. Chief legal counsel (CLC)
Correct answer: B
Question #30
The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
A. generally accepted industry best practices
B. business requirements
C. legislative and regulatory requirements
D. storage availability
Correct answer: B
Question #31
What does a network vulnerability assessment intend to identify?
A. 0-day vulnerabilities
B.
C. Security design flaws
D. Misconfiguration and missing updates
Correct answer: B
Question #32
What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?
A. Business impact analyses
B. Security gap analyses
C. System performance metrics
D. Incident response processes
Correct answer: C
Question #33
Which of the following requirements would have the lowest level of priority in information security?
A. Technical
B. Regulatory
C. Privacy
D. Business
Correct answer: A