
Question #1
Which would be the BEST recommendation to protect against phishing attacks?
A. Install an antispam system
B. Publish security guidance for customers
C. Provide security awareness to the organization's staff
D. D
Correct answer: C
Question #2
When a significant security breach occurs, what should be reported FIRST to senior management?
A. A summary of the security logs that illustrates the sequence of events
B. An explanation of the incident and corrective action taken
C. An analysis of the impact of similar attacks at other organizations
D. A business case for implementing stronger logical access controls
Correct answer: C
Question #3
Which of the following is the GREATEST security threat when an organization allows remote access to a virtual private network (VPN)?
A. Client logins are subject to replay attack
B. Compromised VPN clients could impact the network
C. Attackers could compromise the VPN gateway
D. VPN traffic could be sniffed and captured
Correct answer: A
Question #4
A test plan to validate the security controls of a new system should be developed during which phase of the project?
A. Testing
B. Initiation
C. Design
D. Development
Correct answer: D
Question #5
Which of the following is the BEST indicator that an effective security control is built into an organization?
A. The monthly service level statistics indicate a minimal impact from security issues
B. The cost of implementing a security control is less than the value of the assets
C. The percentage of systems that is compliant with security standards
D. The audit reports do not reflect any significant findings on security
Correct answer: A
Question #6
In the event that a password policy cannot be implemented for a legacy application, which of the following is the BEST course of action?
A. Update the application security policy
B. Implement compensating control
C. Submit a waiver for the legacy application
D. Perform an application security assessment
Correct answer: B
Question #7
The recovery point objective (RPO) requires which of the following?
A. Disaster declaration
B. Before-image restoration
C. System restoration
D. After-image processing
Correct answer: C
Question #8
Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?
A. Warm
B. Redundant
C. Shared
D. Mobile
Correct answer: C
Question #9
The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is:
A. messages displayed at every logon
B. periodic security-related e-mail messages
C. an Intranet web site for information security
D. circulating the information security policy
Correct answer: A
Question #10
Which of the following would BEST protect an organization's confidential data stored on a laptop computer from unauthorized access?
A. Strong authentication by password
B. Encrypted hard drives
C. Multifactor authentication procedures
D. Network-based data backup
Correct answer: B
Question #11
An organization has a policy in which all criminal activity is prosecuted. What is MOST important for the information security manager to ensure when an employee is suspected of using a company computer to commit fraud?
A. The forensics process is immediately initiated
B. The incident response plan is initiated
C. The employee's log files are backed up
D. Senior management is informed of the situation
Correct answer: D
Question #12
To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:
A. end users
B. legal counsel
C. operational units
D. audit management
Correct answer: D
Question #13
Risk management programs are designed to reduce risk to:
A. a level that is too small to be measurable
B. the point at which the benefit exceeds the expense
C. a level that the organization is willing to accept
D. a rate of return that equals the current cost of capital
Correct answer: B
Question #14
Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:
A. are compatible with the provider's own classification
B. are communicated to the provider
C. exceed those of the outsourcer
D. are stated in the contract
Correct answer: A
Question #15
Which of the following would BEST help to identify vulnerabilities introduced by changes to an organization’s technical infrastructure?
A. An intrusion detection system
B. Established security baselines
C. Penetration testing
D. Log aggregation and correlation
Correct answer: A
Question #16
Which of the following is the BEST approach to make strategic information security decisions?
A. Establish an information security steering committee
B. Establish periodic senior management meetings
C. Establish regular information security status reporting
D. Establish business unit security working groups
Correct answer: D
Question #17
Which of the following change management activities would be a clear indicator that normal operational procedures require examination? A high percentage of:
A. similar change requests
B. change request postponements
C. canceled change requests
D. emergency change requests
Correct answer: B
Question #18
What is the MOST important reason for conducting security awareness programs throughout an organization?
A. Reducing the human risk
B. Maintaining evidence of training records to ensure compliance
C. Informing business units about the security strategy
D. Training personnel in security incident response
Correct answer: D
Question #19
An information security manager is developing a business case for an investment in an information security control. The FIRST step should be to:
A. research vendor pricing to show cost efficiency
B. assess potential impact to the organization
C. demonstrate increased productivity of security staff
D. gain audit buy-in for the security control
Correct answer: D
Question #20
What is the BEST policy for securing data on mobile universal serial bus (USB) drives?
A. Authentication
B. Encryption
C. Prohibit employees from copying data to USB devices
D. Limit the use of USB devices
Correct answer: B
Question #21
A multinational organization’s information security manager has been advised that the city in which a contracted regional data center is located is experiencing civil unrest. The information security manager should FIRST:
A. delete the organization’s sensitive data at the provider’s location
B. engage another service provider at a safer location
C. verify the provider’s ability to protect the organization’s data
D. evaluate options to recover if the data center becomes unreachable
Correct answer: A
Question #22
Which of the following would be the BEST defense against sniffing?
A. Password protect the files
B. Implement a dynamic IP address scheme
C. Encrypt the data being transmitted
D. Set static mandatory access control (MAC) addresses
Correct answer: A
Question #23
A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?
A. Exclusive use of the hot site is limited to six weeks
B. The hot site may have to be shared with other customers
C. The time of declaration determines site access priority
D. The provider services all major companies in the area
Correct answer: B
Question #24
The MOST appropriate individual to determine the level of information security needed for a specific business application is the:
A. system developer
B. information security manager
C. steering committee
D. system data owner
Correct answer: A
Question #25
The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:
A. simulate an attack and review IDS performance
B. use a honeypot to check for unusual activity
C. audit the configuration of the IDS
D. benchmark the IDS against a peer site
Correct answer: C
Question #26
The MAIN goal of an information security strategic plan is to:
A. develop a risk assessment plan
B. develop a data protection plan
C. protect information assets and resources
D. establish security governance
Correct answer: D
Question #27
An intrusion detection system (IDS) should:
A. run continuously
B. ignore anomalies
C. require a stable, rarely changed environment
D. be located on the network
Correct answer: C
Question #28
What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?
A. Business impact analyses
B. Security gap analyses
C. System performance metrics
D. Incident response processes
Correct answer: B
Question #29
After detecting an advanced persistent threat (APT), which of the following should be the information security manager’s FIRST step?
A. Notify management
B. Contain the threat
C. Remove the threat
D. Perform root-cause analysis
Correct answer: A
Question #30
Which of the following outsourced services has the GREATEST need for security monitoring?
A. Enterprise infrastructure
B. Application development
C. Virtual private network (VPN) services
D. Web site hosting
Correct answer: D
Question #31
An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?
A. Evaluate the cost of information security integration
B. Assess the business objectives of the processes
C. Identify information security risk associated with the processes
D. Benchmark the processes with best practice to identify gaps
Correct answer: A
Question #32
D. An account with full administrative privileges over a production file is found to be accessible by a member of the software development team
Correct answer: D
Question #33
A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?
A. User
B. Network
C. Operations
D. Database
Correct answer: A
Question #34
The PRIORITY action to be taken when a server is infected with a virus is to:
A. isolate the infected server(s) from the network
Correct answer: B
Question #35
Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
A. Penetration attempts investigated
B. Violation log reports produced
C. Violation log entries
D. Frequency of corrective actions taken
Correct answer: B
Question #36
What does a network vulnerability assessment intend to identify?
A. 0-day vulnerabilities
B. Malicious software and spyware
C. Security design flaws
D. Misconfiguration and missing updates
Correct answer: B
Question #37
Change management procedures to ensure that disaster recovery/business continuity plans are kept up-to-date can be BEST achieved through which of the following?
A. Reconciliation of the annual systems inventory to the disaster recovery/business continuity plans
B. Periodic audits of the disaster recovery/business continuity plans
C. Comprehensive walk-through testing
D. Inclusion as a required step in the system life cycle process
Correct answer: D
Question #38
Which of the following would a security manager establish to determine the target for restoration of normal processing?
A. Recovery time objective (RTO)
B. Maximum tolerable outage (MTO)
C. Recovery point objectives (RPOs)
D. Services delivery objectives (SDOs)
Correct answer: B
Question #39
An information security manager has been assigned to implement more restrictive preventive controls. By doing so, the net effect will be to PRIMARILY reduce the:
A. threat
B. loss
C. vulnerability
D. probability
Correct answer: B
Question #40
When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?
A. Evaluate productivity losses
B. Assess the impact of confidential data disclosure
C. Calculate the value of the information or asset
D. Measure the probability of occurrence of each threat
Correct answer: C
Question #41
Prior to having a third party perform an attack and penetration test against an organization, the MOST important action is to ensure that:
A. the third party provides a demonstration on a test system
B. goals and objectives are clearly defined
C. the technical staff has been briefed on what to expect
D. special backups of production servers are taken
Correct answer: D
Question #42
When developing security standards, which of the following would be MOST appropriate to include?
A. Accountability for licenses
B. Acceptable use of IT assets
C. Operating system requirements
D. Inventory management
Correct answer: A
Question #43
Which of the following results from the risk assessment process would BEST assist risk management decision making?
A. Control risk
B. Inherent risk
C. Risk exposure
D. Residual risk
Correct answer: D
Question #44
Which of the following provides the BEST confirmation that the business continuity/disaster recovery plan objectives have been achieved?
A. The recovery time objective (RTO) was not exceeded during testing
B. Objective testing of the business continuity/disaster recovery plan has been carried out consistently
C. The recovery point objective (RPO) was proved inadequate by disaster recovery plan testing
D. Information assets have been valued and assigned to owners per the business continuity plan/disaster recovery plan
Correct answer: A
Question #45
In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?
A. Implementing on-screen masking of passwords
B. Conducting periodic security awareness programs
C. Increasing the frequency of password changes
D. Requiring that passwords be kept strictly confidential
Correct answer: D
Question #46
Which of the following will BEST help to proactively prevent the exploitation of vulnerabilities in operating system software?
A. Patch management
B. Threat management
C. Intrusion detection system
D. Anti-virus software
Correct answer: B
Question #47
Which of the following characteristics is MOST important to a bank in a high-value online financial transaction system?
A. Identification
B. Confidentiality
C. Authentication
D. Audit monitoring
Correct answer: A
Question #48
The contribution of recovery point objective (RPO) to disaster recovery is to:
A. define backup strategy
B. eliminate single points of failure
C. reduce mean time between failures (MTBF)
D. minimize outage period
Correct answer: C
Question #49
When defining responsibilities with a cloud computing vendor, which of the following should be regarded as a shared responsibility between user and provider?
A. Data ownership
B. Access log review
C. Application logging
D. Incident response
Correct answer: C
Question #50
Of the following, whose input is of GREATEST importance in the development of an information security strategy?
A. End users
B. Corporate auditors
C. Process owners
D. Security architects
Correct answer: D
Question #51
The "separation of duties" principle is violated if which of the following individuals has update rights to the database access control list (ACL)?
A. Data owner
B. Data custodian
C. Systems programmer
D. Security administrator
Correct answer: A
Question #52
Which of the following will BEST prevent external security attacks?
A. Static IP addressing
B. Network address translation
C. Background checks for temporary employees
D. Securing and analyzing system access logs
Correct answer: C
Question #53
What is the GREATEST advantage of documented guidelines and operating procedures from a security perspective?
A. Provide detailed instructions on how to carry out different types of tasks
B. Ensure consistency of activities to provide a more stable environment
C. Ensure compliance to security standards and regulatory requirements
D. Ensure reusability to meet compliance to quality requirements
Correct answer: A
Question #54
The BEST way to establish a recovery time objective (RTO) that balances cost with a realistic recovery time frame is to:
A. perform a business impact analysis
B. determine daily downtime cost
C. analyze cost metrics
D. conduct a risk assessment
Correct answer: C
Question #55
Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
A. System analyst
B. Quality control manager
C. Process owner
D. Information security manager
Correct answer: B
Question #56
At what stage of the applications development process would encryption key management initially be addressed?
A. Requirements development
B. Deployment
C. Systems testing
D. Code reviews
Correct answer: B
Question #57
Which of the following techniques would be the BEST test of security effectiveness?
A. Performing an external penetration test
B. Reviewing security policies and standards
C. Reviewing security logs
D. Analyzing technical security practices
Correct answer: A
Question #58
Which of the following groups would be in the BEST position to perform a risk analysis for a business?
A. External auditors
B. A peer group within a similar business
C.
D. A specialized management consultant
Correct answer: A
Question #59
A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?
A. Access control policy
B. Data classification policy
C. Encryption standards
D. Acceptable use policy
Correct answer: C
Question #60
The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:
A. information security manager
B. escalation procedures
C. disaster recovery plan
D. chain of custody
Correct answer: D
Question #61
To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?
A. Review samples of service level reports from the service provider
B. Assess the level of security awareness of the service provider
C. Request that the service provider comply with information security policy
D. Review the security status of the service provider
Correct answer: B
