Question #1
Change management procedures to ensure that disaster recovery/business continuity plans are kept up-to-date can be BEST achieved through which of the following?
A. Reconciliation of the annual systems inventory to the disaster recovery, business continuity plans
B. Periodic audits of the disaster recovery/business continuity plans
C. Comprehensive walk-through testing
D. Inclusion as a required step in the system life cycle process
Correct answer: A
Question #2
A risk management program should reduce risk to:
A. zero
B. an acceptable level
C. an acceptable percent of revenue
D. an acceptable probability of occurrence
Correct answer: D
Question #3
To justify the need to invest in a forensic analysis tool, an information security manager should FIRST:
A. review the functionalities and implementation requirements of the solution
B. review comparison reports of tool implementation in peer companies
C. provide examples of situations where such a tool would be useful
D. substantiate the investment in meeting organizational needs
Correct answer: D
Question #4
The advantage of Virtual Private Network (VPN) tunneling for remote users is that it:
A. helps ensure that communications are secure
B. increases security between multi-tier systems
C. allows passwords to be changed less frequently
D. eliminates the need for secondary authentication
Correct answer: B
Question #5
The BEST strategy for risk management is to:
A. achieve a balance between risk and organizational goals
B. reduce risk to an acceptable level
C. ensure that policy development properly considers organizational risk
D. ensure that all unmitigated risks are accepted by management
Correct answer: D
Question #6
The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:
A. uses multiple redirects for completing a data commit transaction
B. has implemented cookies as the sole authentication mechanism
C. has been installed with a non-legitimate license key
D. is hosted on a server along with other applications
Correct answer: D
Question #7
A security manager meeting the requirements for the international flow of personal data will need to ensure:
A. a data processing agreement
B. a data protection registration
C. the agreement of the data subject
D. subject access procedure
Correct answer: C
Question #8
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization's local area network (LAN). What should the security manager do FIRST?
A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the server
Correct answer: C
Question #9
The BEST protocol to ensure confidentiality of transmissions in a business-to-customer (B2C) financial web application is:
A. Secure Sockets Layer (SSL)
B. Secure Shell (SSH)
C. IP Security (IPSec)
D. Secure/Multipurpose Internet Mail Extensions (S/MIME)
Correct answer: C
Question #10
Which of the following situations would MOST inhibit the effective implementation of security governance?
A. The complexity of technology
B. Budgetary constraints
C. Conflicting business priorities
D. High-level sponsorship
Correct answer: D
Question #11
For risk management purposes, the value of an asset should be based on:
A. original cost
B. net cash flow
C. net present value
D. replacement cost
Correct answer: C
Question #12
A critical component of a continuous improvement program for information security is:
A. measuring processes and providing feedback
B. developing a service level agreement (SLA) for security
C. tying corporate security standards to a recognized international standard
D. ensuring regulatory compliance
Correct answer: D
Question #13
Primary direction on the impact of compliance with new regulatory requirements that may lead to major application system changes should be obtained from the:
A. corporate internal auditor
B. system developers/analysts
C. key business process owner
D. corporate legal counsel
Correct answer: D
Question #14
It is MOST important that information security architecture be aligned with which of the following?
A. Industry best practices
B. Information technology plans
C. Information security best practices
D. Business objectives and goals
Correct answer: D
Question #15
An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?
A. Ensure that critical data on the server are backed up
B. Shut down the compromised server
C. Initiate the incident response process
D. Shut down the network
Correct answer: D
Question #16
The MOST basic requirement for an information security governance program is to:
A. be aligned with the corporate business strategy
B. be based on a sound risk management approach
C. provide adequate regulatory compliance
D. provide best practices for security initiatives
Correct answer: B
Question #17
Who is ultimately responsible for ensuring that information is categorized and that protective measures are taken?
A. Information security officer
B. Security steering committee
C. Data owner
D. Data custodian
Correct answer: D
Question #18
What is the FIRST action an information security manager should take when a company laptop is reported stolen?
A. Evaluate the impact of the information loss
B. Update the corporate laptop inventory
C. Ensure compliance with reporting procedures
D. Disable the user account immediately
Correct answer: C
Question #19
The information classification scheme should:
A. consider possible impact of a security breach
B. classify personal information in electronic form
C. be performed by the information security manager
D. classify systems according to the data processed
Correct answer: A
Question #20
The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:
A. sales department
B. database administrator
C. chief information officer (CIO)
D. head of the sales department
Correct answer: D
Question #21
It is important to develop an information security baseline because it helps to define:
A. critical information resources needing protection
B. a security policy for the entire organization
C. the minimum acceptable security to be implemented
D. required physical and logical access control
Correct answer: A
Question #22
The MOST appropriate individual to determine the level of information security needed for a specific business application is the:
A. system developer
B. information security manager
C. steering committee
D. system data owner
Correct answer: C
Question #23
What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They:
A. all use weak encryption
B. are decrypted by the firewall
C. may be quarantined by mail filters
D. may be corrupted by the receiving mail server
Correct answer: B
Question #24
The PRIMARY driver to obtain external resources to execute the information security program is that external resources can:
A. contribute cost-effective expertise not available internally
B. be made responsible for meeting the security program requirement
C. replace the dependence on internal resources
D. deliver more effectively on account of their knowledge
Correct answer: C
Question #25
Which of the following would present the GREATEST risk to information security?
A. Virus signature files updates are applied to all servers every day
B. Security access logs are reviewed within five business days
C. Critical patches are applied within 24 hours of their release
D. Security incidents are investigated within five business days
Correct answer: A
