
Question #1
An organization manages payroll and accounting systems for multiple client companies. Which of the following contract terms would indicate a potential weakness for a disaster recovery hot site?
A. Work-area size is limited but can be augmented with nearby office space
B. Exclusive use of the hot site is limited to six weeks (following declaration)
C. Timestamp of declaration will determine priority of access to the facility
D. Servers will be provided at time of disaster (not on floor)
Correct answer: D
Question #2
Which of the following security controls should be integrated FIRST into procurement processes to improve the security of the services provided by suppliers?
A. Conducting penetration testing to identify security vulnerabilities
B. Creating service contract templates to include security provisions
C. Performing risk assessments to identify security concerns
D. Performing regular security audits to determine control deficiencies
Correct answer: B
Question #3
A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:
A. data sharing complies with local laws and regulations at both locations
B. data is encrypted in transit and at rest
C. a nondisclosure agreement is signed
D. risk coverage is split between the two locations sharing data
Correct answer: A
Question #4
System logs and audit logs for sensitive systems should be stored:
A. on a shared internal server
B. on a dedicated encrypted storage server
C. on a cold site server
D. in an encrypted folder on each server
Correct answer: B
Question #5
What should be an information security manager's BEST course of action if funding for a security-related initiative is denied by a steering committee?
A. Look for other ways to fund the initiative
B. Document the accepted risk
C. Discuss the initiative with senior management
D. Provide information from industry benchmarks
Correct answer: B
Question #6
A risk assessment has been conducted following a data owner's decision to outsource an application to a cloud provider. Which of the following should be the information security manager's NEXT course of action?
A. Conduct an application vulnerability scan
B. Inform senior management
C. Review the contract with the cloud provider
D. Conduct a security assessment on the cloud provider
Correct answer: D
Question #7
Which of the following is the BEST method to protect against data exposure when a mobile device is stolen?
A. Remote wipe capability
B. Encryption
C. Password protection
D. Insurance
Correct answer: B
Question #8
Which of the following factors are the MAIN reasons why large networks are vulnerable?
A. Inadequate training and user errors
B. Network operating systems and protocols
C. Hacking and malicious software
D. Connectivity and complexity
Correct answer: D
Question #9
Which of the following is the MOST relevant risk factor to an organization when employees use social media?
A. Social media can be used to gather intelligence for attacks
B. Social media increases the velocity of risk and the threat capacity
C. Social media offers a platform that can host cyber-attacks
D. Social media can be accessed from multiple locations
Correct answer: A
Question #10
A data leakage prevention (DLP) solution has identified that several employees are sending confidential company data to their personal email addresses in violation of company policy. What should the information security manager do FIRST?
A. Notify senior management that employees are breaching policy
B. Contact the employees involved to retake security awareness training
C. Initiate an investigation to determine the full extent of noncompliance
D. Limit access to the Internet for the employees involved
Correct answer: C
Question #11
Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?
A. To justify information security program activities
B. To present a realistic information security budget
C. To ensure that benefits are aligned with business strategies
D. To ensure that the mitigation effort does not exceed the asset value
Correct answer: D
Question #12
An organization is considering moving to a cloud service provider for the storage of sensitive data. Which of the following should be considered FIRST?
A. Results of the cloud provider's control report
B. Right-to-terminate clauses in the contract
C. A destruction-of-data clause in the contract
D. Requirements for data encryption
Correct answer: C
Question #13
Which of the following activities would BEST incorporate security into the software development life cycle (SDLC)?
A. Test applications before go-live
B. Minimize the use of open source software
C. Include security training for the development team
D. Scan operating systems for vulnerabilities
Correct answer: C
Question #14
When considering whether to adopt bring your own device (BYOD), it is MOST important for the information security manager to ensure that:
A. business leaders have an understanding of security risks
B. users have read and signed acceptable use agreements
C. security controls are applied to each device when joining the network
D. the applications are tested prior to implementation
Correct answer: A
Question #15
Which of the following should be the FIRST step when creating an organization's bring your own device (BYOD) program?
A. Develop an acceptable use policy
B. Identify data to be stored on the device
C. Develop employee training
D. Pre-test approved devices
Correct answer: A
Question #16
Senior management has allocated funding to each of the organization's divisions to address information security vulnerabilities. The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?
A. Redundant controls may be implemented across divisions
B. Information security governance could be decentralized by division
C. Areas of highest risk may not be adequately prioritized for treatment
D. Return on investment (ROI) may be inconsistently reported to senior management
Correct answer: C
Question #17
What should an information security manager do FIRST upon learning that the third-party provider responsible for a mission-critical process is subcontracting critical functions to other providers?
A. Adjust the insurance policy coverage
B. Engage an external audit of the third party
C. Request a formal explanation from the third party
D. Review the provider's contract
Correct answer: D
Question #18
When establishing an information security strategy, which of the following activities is MOST helpful in identifying critical areas to be protected?
A. Establishing a baseline of network operations
B. Performing vulnerability scans
C. Conducting a risk assessment
D. Adopting an information security framework
Correct answer: C
Question #19
An organization plans to implement a document collaboration solution to allow employees to share company information. Which of the following is the MOST important control to mitigate the risk associated with the new solution?
A. Have data owners perform regular user access reviews
B. Permit only non-sensitive information on the solution
C. Assign write access to data owners
D. Allow a minimum number of users access to the solution
Correct answer: A
Question #20
Which of the following BEST supports the alignment of information security with business functions?
A. Business management participation in security penetration tests
B. IT management support of security assessments
C. A focus on technology security risk within business processes
D. Creation of a security steering committee
Correct answer: A
Question #21
To meet operational business needs, IT staff bypassed the change process and applied an unauthorized update to a critical business system. Which of the following is the information security manager's BEST course of action?
A. Instruct IT staff to revert the unauthorized update
B. Consult with supervisors of IT staff regarding disciplinary action
C. Assess the security risks introduced by the change
D. Update the system configuration item to reflect the change
Correct answer: C
Question #22
Which of the following is the MOST important reason to consider the role of the IT service desk when developing incident handling procedures?
A. The service desk provides a source for the identification of security incidents
B. Service desk personnel have information on how to resolve common systems issues
C. Untrained service desk personnel may be a cause of security incidents
D. The service desk provides information to prioritize systems recovery based on user demand
Correct answer: A
Question #23
The MOST important reason to use a centralized mechanism to identify information security incidents is to:
A. prevent unauthorized changes to networks
B. detect potential fraud
C. comply with corporate policies
D. detect threats across environments
Correct answer: D
Question #24
What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?
A. A list of monitored threats, risks, and exposures
B. Drafts of proposed policy changes
C. Metrics of key information security deliverables
D. Updates on information security projects in development
Correct answer: C
Question #25
An information security manager has identified and implemented mitigating controls according to industry best practices. Which of the following is the GREATEST risk associated with this approach?
A. Important security controls may be missed without senior management input
B. The mitigation measures may not be updated in a timely manner
C. The security program may not be aligned with organizational objectives
D. The cost of control implementation may be too high
Correct answer: C
Question #26
The PRIMARY objective of periodically testing an incident response plan should be to:
A. improve internal processes and procedures
B. harden the technical infrastructure
C. improve employee awareness of the incident response process
D. highlight the importance of incident response and recovery
Correct answer: D
Question #27
Which of the following is the information security manager's PRIMARY role in the information asset classification process?
A. Assigning the asset classification level
B. Assigning asset ownership
C. Developing an asset classification model
D. Securing assets in accordance with their classification
Correct answer: D
Question #28
An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?
A. Available technical support
B. The contract with the SIEM vendor
C. Controls to be monitored
D. Reporting capabilities
Correct answer: C
Question #29
Segregation of duties is a security control PRIMARILY used to:
A. establish hierarchy
B. limit malicious behavior
C. establish dual check
D. decentralize operations
Correct answer: B
Question #30
Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?
A. Capability to take a snapshot of virtual machines
B. Capability of online virtual machine analysis
C. Availability of web application firewall logs
D. Availability of current infrastructure documentation
Correct answer: B
Question #31
Who should be responsible for determining the classification of data within a database used in conjunction with an enterprise application?
A. Database administrator
B. Data owner
C. Database architect
D. Information security manager
Correct answer: B
Question #32
Which of the following should be an information security manager's MOST important consideration when conducting a physical security review of a potential outsourced data center?
A. Availability of network circuit connections
B. Distance of the data center from the corporate office
C. Environmental factors of the surrounding location
D. Proximity to law enforcement
Correct answer: C
Question #33
What is the MOST important role of an organization's data custodian in support of the information security function?
A. Assessing data security risks to the organization
B. Approving access rights to departmental data
C. Evaluating data security technology vendors
D. Applying approved security policies
Correct answer: D
Question #34
Threat and vulnerability assessments are important PRIMARILY because they are:
A. elements of the organization's security posture
B. needed to estimate risk
C. used to establish security investments
D. the basis for setting control objectives
Correct answer: D
