Question #1
Malicious code protection is which type of control?
A. Configuration management control
B. System and information integrity control
C. Media protection control
D. Personal security control
Correct answer: B
Question #2
You are the project manager of the GHT project. You have identified a risk event on your project that could save $100,000 in project costs if it occurs. Which of the following statements BEST describes this risk event?
A. This risk event should be mitigated to take advantage of the savings
B. This is a risk event that should be accepted because the rewards outweigh the threat to the project
C. This risk event should be avoided to take full advantage of the potential savings
D. This risk event is an opportunity to the project and should be exploited
Correct answer: C
Question #3
Which of the following are the principles of access controls? Each correct answer represents a complete solution. Choose three.
A. Confidentiality
B. Availability
C. Reliability
D. Integrity
Correct answer: D
Question #4
Which of the following examples includes ALL required components of a risk calculation?
A. Over the next quarter, it is estimated that there is a 30 percent chance of two projects failing to meet a contract deadline, resulting in a US $500,000 fine related to breach of service level agreements
B. Security experts believe that if a system is compromised, it will result in the loss of US $15 million in lost contracts
C. The likelihood of disk corruption resulting from a single event of uncontrolled system power failure is estimated by engineers to be 15 percent
D. The impact to security of a business line of a malware-related workstation event is estimated to be low
Correct answer: a
Question #5
You are the project manager of the GHT project. You have selected appropriate Key Risk Indicators for your project. Now, you need to maintain those Key Risk Indicators. What is the MOST important reason to maintain Key Risk Indicators?
A. Risk reports need to be timely
B. Complex metrics require fine-tuning
C. Threats and vulnerabilities change over time
D. They help to avoid risk
Correct answer: B
Question #6
Which of the following statements BEST describes policy?
A. A minimum threshold of information security controls that must be implemented
B. A checklist of steps that must be completed to ensure information security
C. An overall statement of information security scope and direction
D. A technology-dependent statement of best practices
Correct answer: AB
Question #7
You are working in an enterprise. Your enterprise owns various risks. Which among the following is MOST likely to own the risk to an information system that supports a critical business process?
A. System users
B. Senior management
C. IT director
D. Risk management department
Correct answer: AD
Question #8
Which of the following processes ensures that extracted data are ready for analysis?
A. Data analysis
B. Data validation
C. Data gathering
D. Data access
Correct answer: D
Question #9
Which of the following would be a risk practitioner's BEST recommendation for preventing cyber intrusion?
A. Establish a cyber response plan
B. Implement data loss prevention (DLP) tools
C. Implement network segregation
D. Strengthen vulnerability remediation efforts
Correct answer: D
Question #10
When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk?
A. Updating the IT risk registry
B. Insuring against the risk
C. Outsourcing the related business process to a third party
D. Improving staff-training in the risk area
Correct answer: C
Question #11
Which of the following vulnerability assessment software can check for weak passwords on the network?
A. Password cracker
B. Antivirus software
C. Anti-spyware software
D. Wireshark
Correct answer: AC
Question #12
You are the project manager of the NNN Project. Stakeholders in the two-year project have requested that you send status reports to them via email every week. You have agreed and send reports every Thursday. After six months of the project, the stakeholders are pleased with the project progress and they would like you to reduce the status reports to every two weeks. What process will examine the change to this project process and implement it in the project?
A. Configuration management
B.
C. Perform integrated change control process
D. Project change control process
Correct answer: D
Question #13
An enterprise has identified risk events in a project. While responding to these identified risk events, which among the following stakeholders is MOST important for reviewing risk response options to an IT risk?
A. Information security managers
B. Internal auditors
C. Incident response team members
D. Business managers
Correct answer: D
Question #14
Which of the following parameters would affect the prioritization of the risk responses and development of the risk response plan? Each correct answer represents a complete solution. Choose three.
A. Importance of the risk
B. Time required to mitigate risk
C. Effectiveness of the response
D. Cost of the response to reduce risk within tolerance levels
Correct answer: D
Question #15
What is the most important benefit of classifying information assets?
A. Linking security requirements to business objectives
B. Allotting risk ownership
C. Defining access rights
D. Identifying controls that should be applied
Correct answer: C
Question #16
Which of the following are external risk factors? Each correct answer represents a complete solution. Choose three.
A. Geopolitical situation
B. Complexity of the enterprise
C. Market
D.
Correct answer: A
Question #17
Which of the following are true for quantitative analysis? Each correct answer represents a complete solution. Choose three.
A. Determines risk factors in terms of high/medium/low
B. Produces statistically reliable results
C. Allows discovery of which phenomena are likely to be genuine and which are merely chance occurrences
D. Allows data to be classified and counted
Correct answer: A
Question #18
You work as a Project Manager for Company Inc. You are incorporating a risk response owner to take the job for each agreed-to and funded risk response. On which of the following processes are you working?
A. Quantitative Risk Analysis
B. Identify Risks
C. Plan risk response
D. Qualitative Risk Analysis
Correct answer: D
Question #19
You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
A. Resource Management Plan
B. Risk Management Plan
C. Stakeholder management strategy
D. Communications Management Plan
Correct answer: C
Question #20
You are working in Bluewell Inc., which makes advertisement websites. Someone has made unauthorized changes to your website. Which of the following terms refers to this type of loss?
A. Loss of confidentiality
B.
C. Loss of availability
D. Loss of revenue
Correct answer: D
Question #21
You work as a project manager for TechSoft Inc. You are working with the project stakeholders on the qualitative risk analysis process in your project. You have used all the tools of the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in the qualitative risk analysis process?
A. Risk Urgency Assessment
B. Risk Reassessment
C. Risk Data Quality Assessment
D. Risk Categorization
Correct answer: B
Question #22
In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:
A. two-factor authentication
B. continuous data backup controls
C. encryption for data at rest
D. encryption for data in motion
Correct answer: A
Question #23
When does the Identify Risks process take place in a project?
A. At the Planning stage
B. At the Executing stage
C. At the Initiating stage
D. Throughout the project life-cycle
Correct answer: C
Question #24
David is the project manager of the HRC Project. He has identified a risk in the project, which could cause a delay in the project. David does not want this risk event to happen, so he takes a few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000. What type of risk response has David adopted?
A. Avoidance
B. Mitigation
C. Acceptance
D. Transfer
Correct answer: ABD
Question #25
Which of the following BEST describes the utility of a risk?
A. The finance incentive behind the risk
B. The potential opportunity of the risk
C. The mechanics of how a risk works
D. The usefulness of the risk to individuals or groups
Correct answer: AD
Question #26
Which of the following role carriers are responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture? Each correct answer represents a complete solution. Choose two.
A. Senior management
B. Chief financial officer (CFO)
C. Human resources (HR)
D. Board of directors
Correct answer: CD
Question #27
Which of the following methods involves the use of a predictive or diagnostic analytical tool for exposing risk factors?
A. Scenario analysis
B. Sensitivity analysis
C. Fault tree analysis
D. Cause and effect analysis
Correct answer: ACD
Question #28
Which of the following is true for risk management frameworks, standards and practices? Each correct answer represents a part of the solution. Choose three.
A. They act as a guide to focus efforts of variant teams
B. They result in increase in cost of training, operation and performance improvement
C. They provide a systematic view of "things to be considered" that could harm clients or an enterprise
D. They assist in achieving business objectives quickly and easily
Correct answer: C
Question #29
Which of the following business requirements MOST relates to the need for resilient business and information systems processes?
A. Confidentiality
B. Effectiveness
C. Integrity
D. Availability
Correct answer: D
Question #30
Which of the following risk responses include feedback and guidance from well-qualified risk officials and those internal to the project?
A. Contingent response strategy
B. Risk Acceptance
C. Expert judgment
D. Risk transfer
Correct answer: B
Question #31
Which of the following factors will have the GREATEST impact on the type of information security governance model that an enterprise adopts?
A. The number of employees
B. The enterprise’s budget
C. The organizational structure
D. The type of technology that the enterprise uses
Correct answer: c
Question #32
Which of the following is BEST described by the definition below? "They are heavy influencers of the likelihood and impact of risk scenarios and should be taken into account during every risk analysis, when likelihood and impact are assessed."
A. Obscure risk
B. Risk factors
C. Risk analysis
D. Risk event
Correct answer: ACD
Question #33
Which of the following is MOST useful in developing a series of recovery time objectives?
A. Regression analysis
B. Risk analysis
C. Gap analysis
D. Business impact analysis
Correct answer: d
Question #34
John works as a project manager for BlueWell Inc. He is determining which risks can affect the project. Which of the following inputs of the identify risks process is useful in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?
A. Activity duration estimates
B. Activity cost estimates
C. Risk management plan
D. Schedule management plan
Correct answer: C
Question #35
In the project initiation phase of System Development Life Cycle, there is information on project initiated by which of the following role carriers?
A. CRO
B. Sponsor
C. Business management
D. CIO
Correct answer: A
Question #36
You are the project manager of the GHT project. Your project utilizes a machine for production of goods. The machine's specification states that if its temperature rises above 450 degrees Fahrenheit, the windings may burn. So, there is an alarm which sounds when the machine's temperature reaches 430 degrees Fahrenheit, and the machine is shut off for 1 hour. What role does the alarm play here?
A. Of risk indicator
B.
C. Of risk trigger
D. Of risk response
Correct answer: D
Question #37
You are the project manager for your organization to install new workstations, servers, and cabling throughout a new building, which your company will be moving into. The vendor for the project informs you that the cost of the cabling has increased due to some reason. This new cost will cause the cost of your project to increase by nearly eight percent. What change control system should the costs be entered into for review?
A. Cost change control system
B. Contract change control system
C. Scope change control system
D. Only changes to the project scope should pass through a change control system
Correct answer: C
Question #38
Which of the following is the way to verify control effectiveness?
A. The capability of providing notification of failure
B. Whether it is preventive or detective
C. Its reliability
D. The test results of intended objectives
Correct answer: C
Question #39
A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?
A. Transference
B. Mitigation
C. Avoidance
D. Exploit
Correct answer: ACD
Question #40
What is the process for selecting and implementing measures to impact risk called?
A. Risk Treatment
B. Control
C. Risk Assessment
D. Risk Management
Correct answer: AD
Question #41
Which of the following events refer to loss of integrity? Each correct answer represents a complete solution. Choose three.
A. Someone sees company's secret formula
B. Someone makes unauthorized changes to a Web site
C. An e-mail message is modified in transit
D. A virus infects a file
Correct answer: B
Question #42
You are the risk professional of your enterprise. You need to calculate potential revenue loss if a certain risk occurs. Your enterprise has an electronic (e-commerce) web site that is producing US $1 million of revenue each day. If a denial of service (DoS) attack occurs that lasts half a day, how much loss does it create?
A. US $250,000 loss
B. US $500,000 loss
C.
D. US $100,000 loss
Correct answer: D
Question #43
Which of the following is the BEST way to ensure that contract programmers comply with organizational security policies?
A. Have the contractors acknowledge the security policies in writing
B. Explicitly refer to contractors in the security standards
C. Perform periodic security reviews of the contractors
D. Create penalties for noncompliance in the contracting agreement
Correct answer: c
Question #44
You are the project manager of the GHT project. You are accessing data for further analysis. You have chosen a data extraction method in which management monitors its own controls. Which of the following data extraction methods are you using here?
A. Extracting data directly from the source systems after system owner approval
B. Extracting data from the system custodian (IT) after system owner approval
C. Extracting data from risk register
D. Extracting data from lesson learned register
Correct answer: C
Question #45
You work as a project manager for BlueWell Inc. You are preparing for the risk identification process. You will need to involve several of the project's key stakeholders to help you identify and communicate the identified risk events. You will also need several documents to help you and the stakeholders identify the risk events. Which one of the following is NOT a document that will help you identify and communicate risks within the project?
A. Stakeholder registers
B. Activity duration estimates
C. Activity cost estimates
D. Risk register
Correct answer: A
Question #46
You are the project manager of the GHT project. You have analyzed the risk and applied appropriate controls. In turn, you got residual risk as a result of this. Residual risk can be used to determine which of the following?
A. Status of enterprise's risk
B. Appropriate controls to be applied next
C. The area that requires more control
D. Whether the benefits of such controls outweigh the costs
Correct answer: D
Question #47
What are the requirements for creating risk scenarios? Each correct answer represents a part of the solution. Choose three.
A. Determination of cause and effect
B. Determination of the value of business process at risk
C. Potential threats and vulnerabilities that could cause loss
D. Determination of the value of an asset
Correct answer: B
Question #48
A global financial institution has decided not to take any further action on a denial-of-service vulnerability found by the risk assessment team. The MOST likely reason for making this decision is that:
A. The needed countermeasure is too complicated to deploy
B. There are sufficient safeguards in place to prevent this risk from happening
C. The likelihood of the risk occurring is unknown
D. The cost of countermeasure outweighs the value of the asset and potential loss
Correct answer: d
Question #49
Which of the following is an acceptable method for handling positive project risk?
A. Exploit
B. Avoid
C. Mitigate
D. Transfer
Correct answer: A
