Question #1
In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?
A. Applying patches
B. Changing access rules
C. Upgrading hardware
D. Backing up files
Correct answer: C

Question #2
A successful information security management program should use which of the following to determine the amount of resources devoted to mitigating exposures?
A. Risk analysis results
B. Audit report findings
C. Penetration test results
D. Amount of IT budget available
Correct answer: B

Question #3
An organization with multiple data centers has designated one of its own facilities as the recovery site. The MOST important concern is the:
A. communication line capacity between data centers
B. current processing capacity loads at data centers
C. differences in logical security at each center
D. synchronization of system software release versions
Correct answer: C

Question #4
Which of the following is the MOST likely to change an organization's culture to one that is more security conscious?
A. Adequate security policies and procedures
B. Periodic compliance reviews
C. Security steering committees
D. Security awareness campaigns
Correct answer: B

Question #5
Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?
A. Design
B. Implementation
C. Application security testing
D. Feasibility
Correct answer: A

Question #6
Which of the following is the BEST approach for improving information security management processes?
A. Conduct periodic security audits
B. Perform periodic penetration testing
C. Define and monitor security metrics
D. Survey business units for feedback
Correct answer: B

Question #7
Which of the following would help management determine the resources needed to mitigate a risk to the organization?
A. Risk analysis process
B. Business impact analysis (BIA)
C. Risk management balanced scorecard
D. Risk-based audit program
Correct answer: C

Question #8
When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:
A. an adequate budget for the security program
B. recruitment of technical IT employees
C. periodic risk assessments
D. security awareness training for employees
Correct answer: B

Question #9
A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited. What process should the information security manager deploy to determine the necessity for remedial action?
A. A penetration test
B. A security baseline review
C. A risk assessment
D. A business impact analysis (BIA)
Correct answer: C

Question #10
A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:
A. it simulates the real-life situation of an external security attack
B. human intervention is not required for this type of test
C. less time is spent on reconnaissance and information gathering
D. critical infrastructure information is not revealed to the tester
Correct answer: C

Question #11
It is important to classify and determine relative sensitivity of assets to ensure that:
A. cost of protection is in proportion to sensitivity
B. highly sensitive assets are protected
C. cost of controls is minimized
D. countermeasures are proportional to risk
Correct answer: C

Question #12
Which of the following is a key area of the ISO 27001 framework?
A. Operational risk assessment
B. Financial crime metrics
C. Capacity management
D. Business continuity management
Correct answer: A

Question #13
Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?
A. Number of controls implemented
B. Percent of control objectives accomplished
C. Percent of compliance with the security policy
D. Reduction in the number of reported security incidents
Correct answer: B

Question #14
A company recently developed a breakthrough technology. Since this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected?
A. Access control policy
B. Data classification policy
C. Encryption standards
D. Acceptable use policy
Correct answer: D

Question #15
Which of the following is MOST important in developing a security strategy?
A. Creating a positive business security environment
B. Understanding key business objectives
C. Having a reporting line to senior management
D. Allocating sufficient resources to information security
Correct answer: B

Question #16
An organization without any formal information security program that has decided to implement information security best practices should FIRST:
A. invite an external consultant to create the security strategy
B. allocate budget based on best practices
C. benchmark similar organizations
D. define high-level business security requirements
Correct answer: A

Question #17
What is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted?
A. Perform periodic penetration testing
B. Establish minimum security baselines
C. Implement vendor default settings
D. Install a honeypot on the network
Correct answer: C

Question #18
Which of the following is MOST important to the successful promotion of good security management practices?
A. Security metrics
B. Security baselines
C. Management support
D. Periodic training
Correct answer: A

Question #19
Which of the following would BEST protect an organization's confidential data stored on a laptop computer from unauthorized access?
A. Strong authentication by password
B. Encrypted hard drives
C. Multifactor authentication procedures
D. Network-based data backup
Correct answer: C

Question #20
The criticality and sensitivity of information assets is determined on the basis of:
A. threat assessment
B. vulnerability assessment
C. resource dependency assessment
D. impact assessment
Correct answer: A

Question #21
A critical component of a continuous improvement program for information security is:
A. measuring processes and providing feedback
B. developing a service level agreement (SLA) for security
C. tying corporate security standards to a recognized international standard
D. ensuring regulatory compliance
Correct answer: B

Question #22
Which of the following is MOST important in determining whether a disaster recovery test is successful?
A. Only business data files from offsite storage are used
B. IT staff fully recovers the processing infrastructure
C. Critical business processes are duplicated
D. All systems are restored within recovery time objectives (RTOs)
Correct answer: D

Question #23
Which of the following would be the BEST defense against sniffing?
A. Password protect the files
B. Implement a dynamic IP address scheme
C. Encrypt the data being transmitted
D. Set static mandatory access control (MAC) addresses
Correct answer: A

Question #24
Which of the following should be included in an annual information security budget that is submitted for management approval?
A. A cost-benefit analysis of budgeted resources
B. All of the resources that are recommended by the business
C. Total cost of ownership (TCO)
D. Baseline comparisons
Correct answer: A

Question #25
Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?
A. Provide security awareness training to the third-party provider's employees
B. Conduct regular security reviews of the third-party provider
C. Include security requirements in the service contract
D. Request that the third-party provider comply with the organization's information security policy
Correct answer: D

Question #26
An incident response policy must contain:
A. updated call trees
B. escalation criteria
C. press release templates
D. critical backup files inventory
Correct answer: C

Question #27
In order to highlight to management the importance of network security, the security manager should FIRST:
A. develop a security architecture
B. install a network intrusion detection system (NIDS) and prepare a list of attacks
C. develop a network security policy
D. conduct a risk assessment
Correct answer: A

Question #28
Nonrepudiation can BEST be ensured by using:
A. strong passwords
B. a digital hash
C. symmetric encryption
D. digital signatures
Correct answer: B

Question #29
Which of the following devices could potentially stop a Structured Query Language (SQL) injection attack?
A. An intrusion prevention system (IPS)
B. An intrusion detection system (IDS)
C. A host-based intrusion detection system (HIDS)
D. A host-based firewall
Correct answer: D

Question #30
Which of the following will BEST protect an organization from internal security attacks?
A. Static IP addressing
B. Internal address translation
C. Prospective employee background checks
D. Employee awareness certification program
Correct answer: C

Question #31
A post-incident review should be conducted by an incident management team to determine:
A. relevant electronic evidence
B. lessons learned
C. hacker's identity
D. areas affected
Correct answer: C

Question #32
Which item would be the BEST to include in the information security awareness training program for new general staff employees?
A. Review of various security models
B. Discussion of how to construct strong passwords
C. Review of roles that have privileged access
D. Discussion of vulnerability assessment results
Correct answer: C

Question #33
When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to:
A. submit the issue to the steering committee
B. conduct an impact analysis to quantify the risks
C. isolate the system from the rest of the network
D. request a risk acceptance from senior management
Correct answer: B

Question #34
What is the PRIMARY role of the information security manager in the process of information classification within an organization?
A. Defining and ratifying the classification structure of information assets
B. Deciding the classification levels applied to the organization's information assets
C. Securing information assets in accordance with their classification
D. Checking if information assets have been classified properly
Correct answer: A

Question #35
What is the MOST important item to be included in an information security policy?
A. The definition of roles and responsibilities
B. The scope of the security program
C. The key objectives of the security program
D. Reference to procedures and standards of the security program
Correct answer: A

Question #36
In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
A. prepare a security budget
B. conduct a risk assessment
C. develop an information security policy
D. obtain benchmarking information
Correct answer: C

Question #37
When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?
A. Compliance with international security standards
B. Use of a two-factor authentication system
C. Existence of an alternate hot site in case of business disruption
D. Compliance with the organization's information security requirements
Correct answer: B

Question #38
Which of the following is the MOST important element of an information security strategy?
A. Defined objectives
B. Time frames for delivery
C. Adoption of a control framework
D. Complete policies
Correct answer: A