لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Which of the following terms may be defined as "a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues?
A. isk
B. ulnerability
C. hreat
D. ncident Response
عرض الإجابة
اجابة صحيحة: A
السؤال #2
A distributed Denial of Service (DDoS) attack is a more common type of DoS Attack, where a single system is targeted by a large number of infected machines over the Internet. In a DDoS attack, attackers first infect multiple systems which are known as:
A. rojans
B. ombies
C. pyware
D. orms
عرض الإجابة
اجابة صحيحة: B
السؤال #3
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?
A. ealing with human resources department and various employee conflict behaviors
B. sing information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data
C. elping personal to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services
D. ealing properly with legal issues that may arise during incidents
عرض الإجابة
اجابة صحيحة: A
السؤال #4
An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The organization's incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business continuity and market competitiveness. How would you categorize such information security incident?
A. igh level incident
B. iddle level incident
C. ltra-High level incident
D. ow level incident
عرض الإجابة
اجابة صحيحة: A
السؤال #5
The sign of incident that may happen in the future is called:
A. A Precursor
B. An Indication
C. A Proactive
D. A Reactive
عرض الإجابة
اجابة صحيحة: A
السؤال #6
Incidents such as DDoS that should be handled immediately may be considered as:
A. Level One incident
B. Level Two incident
C. Level Three incident
D. Level Four incident
عرض الإجابة
اجابة صحيحة: C
السؤال #7
Total cost of disruption of an incident is the sum of
A. Tangible and Intangible costs
B. Tangible cost only
C. Intangible cost only
D. Level Two and Level Three incidents cost
عرض الإجابة
اجابة صحيحة: A
السؤال #8
Incident prioritization must be based on:
A. Potential impact
B. Current damage
C. Criticality of affected systems
D. All the above
عرض الإجابة
اجابة صحيحة: D
السؤال #9
An information security incident is
A. Any real or suspected adverse event in relation to the security of computer systems or networks
B. Any event that disrupts normal today"?s business functions
C. Any event that breaches the availability of information assets
D. All of the above
عرض الإجابة
اجابة صحيحة: D
السؤال #10
Which of the following can be considered synonymous:
A. Hazard and Threat
B. Threat and Threat Agent
C. Precaution and countermeasure
D. Vulnerability and Danger
عرض الإجابة
اجابة صحيحة: A
السؤال #11
If the loss anticipated is greater than the agreed upon threshold; the organization will:
A. Accept the risk
B. Mitigate the risk
C. Accept the risk but after management approval
D. Do nothing
عرض الإجابة
اجابة صحيحة: B
السؤال #12
A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:
A. The risk must be urgently mitigated
B. The risk must be transferred immediately
C. The risk is not present at this time
D. The risk is accepted
عرض الإجابة
اجابة صحيحة: C
السؤال #13
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :
A. Threat-source motivation and capability
B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above
عرض الإجابة
اجابة صحيحة: D
السؤال #14
Absorbing minor risks while preparing to respond to major ones is called:
A. Risk Mitigation
B. Risk Transfer
C. Risk Assumption
D. Risk Avoidance
عرض الإجابة
اجابة صحيحة: C
السؤال #15
The left over risk after implementing a control is called:
A. Residual risk
B. Unaccepted risk
C. Low risk
D. Critical risk
عرض الإجابة
اجابة صحيحة: A
السؤال #16
Adam calculated the total cost of a control to protect 10,000 $ worth of data as 20,000 $. What do you advise Adam to do?
A. Apply the control
B. Not to apply the control
C. Use qualitative risk assessment
D. Use semi-qualitative risk assessment instead
عرض الإجابة
اجابة صحيحة: B
السؤال #17
What is correct about Quantitative Risk Analysis:
A. It is Subjective but faster than Qualitative Risk Analysis
B. Easily automated
C. Better than Qualitative Risk Analysis
D. Uses levels and descriptive expressions
عرض الإجابة
اجابة صحيحة: B
السؤال #18
Which of the following is a risk assessment tool:
A. Nessus
B. Wireshark
C. CRAMM
D. Nmap
عرض الإجابة
اجابة صحيحة: C
السؤال #19
In NIST risk assessment/ methodology; the process of identifying the boundaries of an IT system along with the resources and information that constitute the system is known as:
A. Asset Identification
B. System characterization
C. Asset valuation
D. System classification
عرض الإجابة
اجابة صحيحة: B

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.