
Question #1
An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of:
A. eliminating the risk
B. transferring the risk
C. mitigating the risk
D. accepting the risk
Correct Answer: C
Question #2
An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?
A. Restrict account access to read only
B. Log all usage of this account
C. Suspend the account and activate only when needed
D. Require that a change request be submitted for each download
Correct Answer: D
Question #3
Which of the following tools is MOST appropriate for determining how long a security project will take to implement?
A. Gantt chart
B. Waterfall chart
C. Critical path
D. Rapid Application Development (RAD)
Correct Answer: A
Question #4
The PRIMARY objective of an Internet usage policy is to prevent:
A. access to inappropriate sites
B. downloading malicious code
C. violation of copyright laws
D. disruption of Internet access
Correct Answer: C
Question #5
A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:
A. meet with stakeholders to decide how to comply
B. analyze key risks in the compliance process
C. assess whether existing controls meet the regulation
D. update the existing security/privacy policy
Correct Answer: D
Question #6
In order to protect a network against unauthorized external connections to corporate systems, the information security manager should BEST implement:
A. a strong authentication
B. IP antispoofing filtering
C. network encryption protocol
D. access lists of trusted devices
Correct Answer: A
Question #7
Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?
A. Card-key door locks
B. Photo identification
C. Biometric scanners
D. Awareness training
Correct Answer: C
Question #8
Of the following, retention of business records should be PRIMARILY based on:
A. periodic vulnerability assessment
B. regulatory and legal requirements
C. device storage capacity and longevity
D. past litigation
Correct Answer: D
Question #9
Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?
A. Patch management
B. Change management
C. Security metrics
D. Version control
Correct Answer: C
Question #10
The FIRST step in developing an information security management program is to:
A. identify business risks that affect the organization
B. clarify organizational purpose for creating the program
C. assign responsibility for the program
D. assess adequacy of controls to mitigate business risks
Correct Answer: B
Question #11
Which of the following are likely to be updated MOST frequently?
A. Procedures for hardening database servers
B. Standards for password length and complexity
C. Policies addressing information security governance
D. Standards for document retention and destruction
Correct Answer: A
Question #12
Information security governance is PRIMARILY driven by:
A. technology constraints
B. regulatory requirements
C. litigation potential
D. business strategy
Correct Answer: B
Question #13
When a newly installed system for synchronizing passwords across multiple systems and platforms abnormally terminates without warning, which of the following should automatically occur FIRST?
A. The firewall should block all inbound traffic during the outage
B. All systems should block new logins until the problem is corrected
C. Access control should fall back to nonsynchronized mode
D. System logs should record all user activity for later analysis
Correct Answer: C
Question #14
The PRIMARY reason for initiating a policy exception process is when:
A. operations are too busy to comply
B. the risk is justified by the benefit
C. policy compliance would be difficult to enforce
D. users may initially be inconvenienced
Correct Answer: C
Question #15
Successful implementation of information security governance will FIRST require:
A. security awareness training
B. updated security policies
C. a computer incident management team
D. a security architecture
Correct Answer: B
Question #16
Information security managers should use risk assessment techniques to:
A. justify selection of risk mitigation strategies
B. maximize the return on investment (ROI)
C. provide documentation for auditors and regulators
D. quantify risks that would otherwise be subjective
Correct Answer: B
Question #17
The BEST way to ensure that information security policies are followed is to:
A. distribute printed copies to all employees
B. perform periodic reviews for compliance
C. include escalating penalties for noncompliance
D. establish an anonymous hotline to report policy abuses
Correct Answer: D
Question #18
The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
A. generally accepted industry best practices
B. business requirements
C. legislative and regulatory requirements
D. storage availability
Correct Answer: D
Question #19
Which would be the BEST recommendation to protect against phishing attacks?
A. Install an antispam system
B. Publish security guidance for customers
C. Provide security awareness to the organization's staff
D. Install an application-level firewall
Correct Answer: D
Question #20
The MOST important characteristic of good security policies is that they:
A. state expectations of IT management
B. state only one general security mandate
C. are aligned with organizational goals
D. govern the creation of procedures and guidelines
Correct Answer: D
Question #21
Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (23.00 hrs.)?
A. Most new viruses' signatures are identified over weekends
B. Technical personnel are not available to support the operation
C. Systems are vulnerable to new viruses during the intervening week
D. The update's success or failure is not known until Monday
Correct Answer: B
Question #22
An intrusion detection system should be placed:
A. outside the firewall
B. on the firewall server
C. on a screened subnet
D. on the external router
Correct Answer: C
Question #23
Data owners will determine what access and authorizations users will have by:
A. delegating authority to data custodians
B. cloning existing user accounts
C. determining hierarchical preferences
D. mapping to business needs
Correct Answer: D
Question #24
Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?
A. Utilize an intrusion detection system
B. Establish minimum security baselines
C. Implement vendor recommended settings
D. Perform periodic penetration testing
Correct Answer: C
Question #25
When personal information is transmitted across networks, there MUST be adequate controls over:
A. change management
B. privacy protection
C. consent to data transfer
D. encryption devices
Correct Answer: B
Question #26
Nonrepudiation can BEST be assured by using:
A. delivery path tracing
B. reverse lookup translation
C. out-of-band channels
D. digital signatures
Correct Answer: B
Question #27
Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:
A. are compatible with the provider's own classification
B. are communicated to the provider
C. exceed those of the outsourcer
D. are stated in the contract
Correct Answer: D
Question #28
The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:
A. identifying vulnerabilities in the system
B. sustaining the organization's security posture
C. the existing systems that will be affected
D. complying with segregation of duties
Correct Answer: B
Question #29
A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?
A. Prepare an impact assessment report
B. Conduct a penetration test
C. Obtain approval from senior management
D. Back up the firewall configuration and policy files
Correct Answer: C
