
Question #1
Which of the following is the MOST effective solution for preventing internal users from modifying sensitive and classified information?
A. Baseline security standards
B. System access violation logs
C. Role-based access controls
D. Exit routines
Correct answer: C
Question #2
A security awareness program should:
A. present top management's perspective
B. address details on specific exploits
C. address specific groups and roles
D. promote security department procedures
Correct answer: C
Question #3
Access control to a sensitive intranet application by mobile users can BEST be implemented through:
A. data encryption
B. digital signatures
C. strong passwords
D. two-factor authentication
Correct answer: A
Question #4
How would an organization know if its new information security program is accomplishing its goals?
A. Key metrics indicate a reduction in incident impacts
B. Senior management has approved the program and is supportive of it
C. Employees are receptive to changes that were implemented
D. There is an immediate reduction in reported incidents
Correct answer: A
Question #5
What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?
A. Periodic review of network configuration
B. Review intrusion detection system (IDS) logs for evidence of attacks
C. Periodically perform penetration tests
D.
Correct answer: A
Question #6
The BEST metric for evaluating the effectiveness of a firewall is the:
A. number of attacks blocked
B. number of packets dropped
C. average throughput rate
D. number of firewall rules
Correct answer: A
Question #7
An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID in the URL used for accessing the account. The vulnerability identified is:
A. broken authentication
B. unvalidated input
C. cross-site scripting
D. structured query language (SQL) injection
Correct answer: D
Question #8
The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:
A. ensure the confidentiality of sensitive material
B. provide a high assurance of identity
C. allow deployment of the active directory
D. implement secure sockets layer (SSL) encryption
Correct answer: D
Question #9
The BEST time to perform a penetration test is after:
A. an attempted penetration has occurred
B. an audit has reported weaknesses in security controls
C. various infrastructure changes are made
D. a high turnover in systems staff
Correct answer: B
Question #10
Which of the following events generally has the highest information security impact?
A. Opening a new office
B. Merging with another organization
C. Relocating the data center
D. Rewiring the network
Correct answer: A
Question #11
Nonrepudiation can BEST be assured by using:
A. delivery path tracing
B. reverse lookup translation
C. out-of-band channels
D. digital signatures
Correct answer: B
Question #12
Which of the following environments represents the GREATEST risk to organizational security?
A. Locally managed file server
B. Enterprise data warehouse
C. Load-balanced web server cluster
D. Centrally managed data switch
Correct answer: B
Question #13
Several business units reported problems with their systems after multiple security patches were deployed. The FIRST step in handling this problem would be to:
A. assess the problems and institute rollback procedures, if needed
B. disconnect the systems from the network until the problems are corrected
C. immediately uninstall the patches from these systems
D. immediately contact the vendor regarding the problems that occurred
Correct answer: D
Question #14
Which of the following ensures that newly identified security weaknesses in an operating system are mitigated in a timely fashion?
A. Patch management
B. Change management
C. Security baselines
D. Acquisition management
Correct answer: B
Question #15
Change management procedures to ensure that disaster recovery/business continuity plans are kept up-to-date can BEST be achieved through which of the following?
A. Reconciliation of the annual systems inventory to the disaster recovery/business continuity plans
B. Periodic audits of the disaster recovery/business continuity plans
C.
D. Inclusion as a required step in the system life cycle process
Correct answer: A
Question #16
Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?
A. Log all account usage and send it to their manager
B. Establish predetermined automatic expiration dates
C. Require managers to e-mail security when the user leaves
D. Ensure each individual has signed a security acknowledgement
Correct answer: A
Question #17
What is the BEST policy for securing data on mobile universal serial bus (USB) drives?
A. Authentication
B. Encryption
C. Prohibit employees from copying data to USB devices
D.
Correct answer: C
Question #18
Which of the following should be in place before a black box penetration test begins?
A. IT management approval
B. Proper communication and awareness training
C. A clearly stated definition of scope
D. An incident response plan
Correct answer: C
Question #19
In the process of deploying a new e-mail system, an information security manager would like to ensure the confidentiality of messages while in transit. Which of the following is the MOST appropriate method to ensure data confidentiality in a new e-mail system implementation?
A. Encryption
B. Digital certificate
C. Digital signature
D. Hashing algorithm
Correct answer: C
Question #20
Data owners are normally responsible for which of the following?
A. Applying emergency changes to application data
B. Administering security over database records
C.
D. Determining the level of application security required
Correct answer: D
Question #21
In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:
A. testing time window prior to deployment
B. technical skills of the team responsible
C. certification of validity for deployment
D. automated deployment to all the servers
Correct answer: A
Question #22
Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment?
A. User
B. Security
C. Operations
D. Database
Correct answer: B
Question #23
The MOST important reason for formally documenting security procedures is to ensure:
A. processes are repeatable and sustainable
B. alignment with business objectives
C. auditability by regulatory agencies
D. objective criteria for the application of metrics
Correct answer: D
Question #24
The PRIMARY driver to obtain external resources to execute the information security program is that external resources can:
A. contribute cost-effective expertise not available internally
B. be made responsible for meeting the security program requirements
C. replace the dependence on internal resources
D. deliver more effectively on account of their knowledge
Correct answer: A
Question #25
Which of the following would be the BEST metric for the IT risk management process?
A. Number of risk management action plans
B. Percentage of critical assets with budgeted remedial
C. Percentage of unresolved risk exposures
D. Number of security incidents identified
Correct answer: B
Question #26
In a well-controlled environment, which of the following activities is MOST likely to lead to the introduction of weaknesses in security software?
A. Applying patches
B. Changing access rules
C. Upgrading hardware
D. Backing up files
Correct answer: B
Question #27
An organization without any formal information security program that has decided to implement information security best practices should FIRST:
A. invite an external consultant to create the security strategy
B. allocate budget based on best practices
C. benchmark similar organizations
D. define high-level business security requirements
Correct answer: B
Question #28
Which of the following BEST provides message integrity, sender identity authentication and nonrepudiation?
A. Symmetric cryptography
B. Public key infrastructure (PKI)
C. Message hashing
D. Message authentication code
Correct answer: A
Question #29
An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:
A. source routing
B. broadcast propagation
C. unregistered ports
D. nonstandard protocols
Correct answer: C
Question #30
A web-based business application is being migrated from test to production. Which of the following is the MOST important management signoff for this migration?
A. User
B.
C. Operations
D. Database
Correct answer: B
Question #31
Which of the following is the MOST important process that an information security manager needs to negotiate with an outsource service provider?
A. The right to conduct independent security reviews
B. A legally binding data protection agreement
C. Encryption between the organization and the provider
D. A joint risk assessment of the system
Correct answer: A
Question #32
Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?
A. Restrict the available drive allocation on all PCs
B. Disable universal serial bus (USB) ports on all desktop devices
C. Conduct frequent awareness training with noncompliance penalties
D. Establish strict access controls to sensitive information
Correct answer: B
Question #33
In which of the following system development life cycle (SDLC) phases are access control and encryption algorithms chosen?
A. Procedural design
B. Architectural design
C. System design specifications
D. Software development
Correct answer: C
Question #34
Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application?
A. System analyst
B. Quality control manager
C. Process owner
D. Information security manager
Correct answer: B
Question #35
Which of the following is the BEST method to securely transfer a message?
A. Password-protected removable media
B. Facsimile transmission in a secured room
C. Using public key infrastructure (PKI) encryption
D. Steganography
Correct answer: D
Question #36
Which of the following areas is MOST susceptible to the introduction of security weaknesses?
A. Database management
B. Tape backup management
C. Configuration management
D. Incident response management
Correct answer: D
Question #37
Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
A. Penetration attempts investigated
B. Violation log reports produced
C. Violation log entries
D. Frequency of corrective actions taken
Correct answer: B
Question #38
An organization that outsourced its payroll processing performed an independent assessment of the security controls of the third party, per policy requirements. Which of the following is the MOST useful requirement to include in the contract?
A. Right to audit
B. Nondisclosure agreement
C. Proper firewall implementation
D. Dedicated security manager for monitoring compliance
Correct answer: B
