Question #1
In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:
A. testing time window prior to deployment
B. technical skills of the team responsible
C. certification of validity for deployment
D. automated deployment to all the servers
Correct answer: A
Question #2
Which of the following is MOST important for measuring the effectiveness of a security awareness program?
A. Reduced number of security violation reports
B. A quantitative evaluation to ensure user comprehension
C. Increased interest in focus groups on security issues
D. Increased number of security violation reports
Correct answer: B
Question #3
Segregation of duties is a security control PRIMARILY used to:
A. establish dual check
B. establish hierarchy
C. limit malicious behavior
D. decentralize operations
Correct answer: C
Question #4
An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?
A. Analyze findings from previous audit reports
B. Analyze results from training completion reports
C. Analyze results of a social engineering test
D. Analyze responses from an employee survey of training satisfaction
Correct answer: C
Question #5
What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?
A. Periodic review of network configuration
B. Review intrusion detection system (IDS) logs for evidence of attacks
C. Periodically perform penetration tests
D. Daily review of server logs for evidence of hacker activity
Correct answer: C
Question #6
An information security manager is concerned that executive management does not support information security initiatives. Which of the following is the BEST way to address this situation?
A. Report the risk and status of the information security program to the board
B. Revise the information security strategy to meet executive management’s expectations
C. Escalate noncompliance concerns to the internal audit manager
D. Demonstrate alignment of the information security function with business needs
Correct answer: D
Question #7
Which of the following could be detected by a network intrusion detection system (IDS)?
A. Undocumented open ports
B. Unauthorized file change
C. Internally generated attacks
D. Emailed virus attachments
Correct answer: A
Question #8
An information security manager suspects that the organization has suffered a ransomware attack. What should be done FIRST?
A. Notify senior management
B. Alert employees to the attack
C. Confirm the infection
D. Isolate the affected systems
Correct answer: C
Question #9
Which of the following activities would BEST incorporate security into the software development life cycle (SDLC)?
A. Minimize the use of open source software
B. Include security training for the development team
C. Scan operating systems for vulnerabilities
D. Test applications before go-live
Correct answer: D
Question #10
The PRIMARY benefit of integrating information security activities into change management processes is to:
A. ensure required controls are included in changes
B. protect the organization from unauthorized changes
C. provide greater accountability for security-related changes in the business
D. protect the business from collusion and compliance threats
Correct answer: A
Question #11
Which of the following analyses will BEST identify the external influences to an organization’s information security?
A. Gap analysis
B. Business impact analysis
C. Threat analysis
D. Vulnerability analysis
Correct answer: C
Question #12
An organization recently rolled out a new procurement program that does not include any security requirements. Which of the following should the information security manager do FIRST?
A. Conduct security assessments of vendors based on value of annual spend with each vendor
B. Meet with the head of procurement to discuss aligning security with the organization's operational objectives
C. Ask internal audit to conduct an assessment of the current state of third-party security controls
D. Escalate the procurement program gaps to the compliance department in case of noncompliance issues
Correct answer: B
Question #13
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
A. Requiring the backup of the organization’s data by the user
B. Establishing the authority to remote wipe
C. Monitoring how often the smartphone is used
D. Developing security awareness training
Correct answer: B
Question #14
Which of the following would BEST assist an IS manager in gaining strategic support from executive management?
A. Annual report of security incidents within the organization
B. Research on trends in global information security breaches
C. Rating of the organization’s security, based on international standards
D. Risk analysis specific to the organization
Correct answer: D
Question #15
An organization has established information security policies, but the information security manager has noted a large number of exception requests. Which of the following is the MOST likely reason for this situation?
A. The organization is operating in a highly regulated industry
B. The information security program is not adequately funded
C. The information security policies lack alignment with corporate goals
D. The information security policies are not communicated across the organization
Correct answer: C
Question #16
Senior management has expressed concern that the organization’s intrusion prevention system may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
A. Decreasing false positives
B. Decreasing false negatives
C. Increasing false positives
D. Increasing false negatives
Correct answer: A
Question #17
Of the following, who should have PRIMARY responsibility for assessing the security risk associated with an outsourced cloud provider contract?
A. Information security manager
B. Compliance manager
C. Chief information officer
D. Service delivery manager
Correct answer: A
Question #18
Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?
A. Reconfigure the database schema
B. Enforce referential integrity on the database
C. Conduct code reviews
D. Conduct network penetration testing
Correct answer: C
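As an added example (not part of the original question set), here are the two lookup styles a code review of an employee portal would compare: a string-built query that an attacker's input can rewrite, beside the parameterised form that closes the hole, plus an allow-list check as a second layer. The table, rows and payloads are constructed for the example, and SQLite stands in for the portal's database.

```python
"""SQL injection in an employee-portal lookup: vulnerable and fixed forms.
Added example; the table, rows and payloads are constructed."""
import re
import sqlite3

# Constructed sample rows (not from the original page).
EMPLOYEES = [
    (1, "alice", "Finance", 82000),
    (2, "bob", "Engineering", 95000),
    (3, "carol", "HR", 70000),
]

# Assumed portal rule: usernames are short, lower-case identifiers.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    """In-memory employee table standing in for the portal's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees(id INTEGER, username TEXT, dept TEXT, salary INTEGER)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", EMPLOYEES)
    return conn


def lookup_vulnerable(conn, username):
    """Builds the query by string interpolation, so quotes and keywords in the
    input are parsed as SQL. This is the pattern a code review should flag."""
    sql = f"SELECT username, dept FROM employees WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, username):
    """Binds the input as a parameter: the driver sends it as a value, so it
    can only ever be compared against the column, never parsed as SQL."""
    sql = "SELECT username, dept FROM employees WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def lookup_hardened(conn, username):
    """Defence in depth: allow-list the identifier before it reaches the
    database, then run the parameterised query."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username fails allow-list")
    return lookup_parameterised(conn, username)


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"
    exfil = "x' UNION SELECT username, salary FROM employees --"
    print("vulnerable, tautology:", lookup_vulnerable(db, tautology))   # every row
    print("vulnerable, UNION:    ", lookup_vulnerable(db, exfil))       # salaries leak
    print("parameterised:        ", lookup_parameterised(db, tautology))  # []
```

The UNION payload shows why referential integrity or schema changes do not help: the attacker is not violating constraints, they are issuing a query of their own choosing. Parameterisation removes that ability regardless of the schema.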
Question #19
The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:
A. change the root password of the system
B. implement multifactor authentication
C. rebuild the system from the original installation medium
D. disconnect the mail server from the network
Correct answer: C
Question #20
The PRIMARY benefit of integrating information security risk into enterprise risk management is to:
A. ensure timely risk mitigation
B. justify the information security budget
C. obtain senior management’s commitment
D. provide a holistic view of risk
Correct answer: D
Question #21
Senior management has endorsed a comprehensive information security policy. Which of the following should the organization do NEXT?
A. Promote awareness of the policy among employees
B. Seek policy buy-in from business stakeholders
C. Implement an authentication and authorization system
D. Identify relevant information security frameworks for adoption
Correct answer: B
Question #22
The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to:
A. reinforce the need for training
B. increase corporate accountability
C. comply with security policy
D. enforce individual accountability
Correct answer: D
Question #23
Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?
A. Internal audit reports
B. Application security policy
C. Vulnerability assessment results
D. A business case
Correct answer: D
Question #24
Which of the following is a potential indicator of inappropriate Internet use by staff?
A. Increased help desk calls for password resets
B. Reduced number of pings on firewalls
C. Increased reports of slow system performance
D. Increased number of weaknesses from vulnerability scans
Correct answer: C
Question #25
Which of the following is the PRIMARY objective of reporting security metrics to stakeholders?
A. To identify key controls within the organization
B. To provide support for security audit activities
C. To communicate the effectiveness of the security program
D. To demonstrate alignment to the business strategy
Correct answer: C
Question #26
The PRIMARY reason for using metrics to evaluate information security is to:
A. identify security weaknesses
B. justify budgetary expenditures
C. enable steady improvement
D. raise awareness on security issues
Correct answer: C
Question #27
In which of the following ways can an information security manager BEST ensure that security controls are adequate for supporting business goals and objectives?
A. Reviewing results of the annual company external audit
B. Adopting internationally accepted controls
C. Enforcing strict disciplinary procedures in case of noncompliance
D. Using the risk management process
Correct answer: D
Question #28
Which of the following devices, when placed in a demilitarized zone (DMZ), would be considered the MOST significant exposure?
A. Proxy server
B. Mail relay server
C. Application server
D. Database server
Correct answer: D
Question #29
A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?
A. Enable access through a separate device that requires adequate authentication
B. Implement manual procedures that require password change after each use
C. Request the vendor to add multiple user IDs
D. Analyze the logs to detect unauthorized access
Correct answer: A
Question #30
Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?
A. User ad hoc reporting is not logged
B. Network traffic is through a single switch
C. Operating system (OS) security patches have not been applied
D. Database security defaults to ERP settings
Correct answer: C
Question #31
An organization is MOST at risk from a new worm being introduced through the intranet when:
A. desktop virus definition files are not up to date
B. system software does not undergo integrity checks
C. hosts have static IP addresses
D. executable code is run from inside the firewall
Correct answer: A
Question #32
Ensuring that activities performed by outsourcing providers comply with information security policies can BEST be accomplished through the use of:
A. service level agreements
B. independent audits
C. explicit contract language
D. local regulations
Correct answer: B
Question #33
Which of the following is the BEST way to increase the visibility of information security within an organization’s culture?
A. Requiring cross-functional information security training
B. Implementing user awareness campaigns for the entire company
C. Publishing an acceptable use policy
D. Establishing security policies based on industry standards
Correct answer: A
Question #34
Which of the following would be MOST helpful in gaining support for a business case for an information security initiative?
A. Demonstrating organizational alignment
B. Emphasizing threats to the organization
C. Referencing control deficiencies
D. Presenting a solution comparison matrix
Correct answer: A
Question #35
Which of the following would be an information security manager’s PRIMARY challenge when deploying a Bring Your Own Device (BYOD) mobile program in an enterprise?
A. End user acceptance
B. Configuration management
C. Mobile application control
D. Disparate device security
Correct answer: C
Question #36
Which of the following is the MOST effective data loss control when connecting a personally owned mobile device to the corporate email system?
A. Email must be stored in an encrypted format on the mobile device
B. Email synchronization must be prevented when connected to a public Wi-Fi hotspot
C. A senior manager must approve each connection
D. Users must agree to allow the mobile device to be wiped if it is lost
Correct answer: D
Question #37
After logging in to a web application, further password credentials are required at various application points. Which of the following is the PRIMARY reason for such an approach?
A. To ensure access is granted to the authorized person
B. To enforce strong two-factor authentication
C. To ensure session management variables are secure
D. To implement single sign-on
Correct answer: A
Question #38
Which of the following is the MOST important factor when determining the frequency of information security reassessment?
A. Risk priority
B. Risk metrics
C. Audit findings
D. Mitigating controls
Correct answer: B
Question #39
When defining responsibilities with a cloud computing vendor, which of the following should be regarded as a shared responsibility between user and provider?
A. Data ownership
B. Access log review
C. Application logging
D. Incident response
Correct answer: D
Question #40
Calculation of the recovery time objective (RTO) is necessary to determine the:
A. time required to restore files
B. priority of restoration
C. point of synchronization
D. annual loss expectancy (ALE)
Correct answer: B
Question #41
To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY:
A. set their accounts to expire in six months or less
B. avoid granting system administration roles
C. ensure they successfully pass background checks
D. ensure their access is approved by the data owner
Correct answer: B
Question #42
An organization’s HR department would like to outsource its employee system to a cloud-hosted solution due to features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?
A. Explain security issues associated with the solution to management
B. Determine how to securely implement the solution
C. Ensure the service provider has the appropriate certifications
D. Ensure a security audit is performed of the service provider
Correct answer: B
Question #43
Which of the following would BEST help to ensure compliance with an organization’s information security requirements by an IT service provider?
A. Requiring an external security audit of the IT service provider
B. Defining information security requirements with internal IT
C. Requiring regular reporting from the IT service provider
D. Defining the business recovery plan with the IT service provider
Correct answer: A
Question #44
An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
A. Review the procedures for granting access
B. Establish procedures for granting emergency access
C. Meet with data owners to understand business needs
D. Redefine and implement proper access rights
Correct answer: C
Question #45
An information security team is investigating an alleged breach of an organization’s network. Which of the following would be the BEST single source of evidence to review?
A. Intrusion detection system
B. SIEM tool
C. Antivirus software
D. File integrity monitoring software
Correct answer: B
Question #46
An organization will be outsourcing mission-critical processes. Which of the following is MOST important to verify before signing the service level agreement (SLA)?
A. The provider has implemented the latest technologies
B. The provider’s technical staff are evaluated annually
C. The provider is widely known within the organization’s industry
D. The provider has been audited by a recognized audit firm
Correct answer: D
Question #47
A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:
A. users can gain direct access to the application ID and circumvent data controls
B. when multiple sessions with the same application ID collide, the database locks up
C. the database becomes unavailable if the password of the application ID expires
D. an incident involving unauthorized access to data cannot be tied to a specific user
Correct answer: D
Question #48
Which of the following tools BEST demonstrates the effectiveness of the information security program?
A. Key risk indicators (KRIs)
B. Management satisfaction surveys
C. Risk heat map
D. A security balanced scorecard
Correct answer: D
Question #49
Which of the following is an example of a vulnerability?
A. Natural disasters
B. Defective software
C. Ransomware
D. Unauthorized users
Correct answer: B
Question #50
Which of the following would present the GREATEST need to revise information security policies?
A. A merger with a competing company
B. An increase in reported incidents
C. Implementation of a new firewall
D. Changes in standards and procedures
Correct answer: A
Question #51
The BEST way to report to the board on the effectiveness of the information security program is to present:
A. a dashboard illustrating key performance metrics
B. peer-group industry benchmarks
C. a summary of the most recent audit findings
D. a report of cost savings from process improvements
Correct answer: A
Question #52
An advantage of antivirus software schemes based on change detection is that they have:
A. a chance of detecting current and future viral strains
B. a more flexible directory of viral signatures
C. to be updated less frequently than activity monitors
D. the highest probability of avoiding false alarms
Correct answer: A
Question #53
Knowing which of the following is MOST important when the information security manager is seeking senior management commitment?
A. Security costs
B. Technical vulnerabilities
C. Security technology requirements
D. Implementation tasks
Correct answer: C
Question #54
A validated patch to address a new vulnerability that may affect a mission-critical server has been released. What should be done immediately?
A. Add mitigating controls
B. Check the server’s security and install the patch
C. Conduct an impact analysis
D. Take the server off-line and install the patch
Correct answer: C
Question #55
Which is MOST important when contracting an external party to perform a penetration test?
A. Provide network documentation
B. Obtain approval from IT management
C. Define the project scope
D. Increase the frequency of log reviews
Correct answer: C
Question #56
Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?
A. The patch should be validated using a hash algorithm
B. The patch should be applied to critical systems
C. The patch should be deployed quickly to systems that are vulnerable
D. The patch should be evaluated in a testing environment
Correct answer: A
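Added example, not from the original page, serving both question #52 (change-detection schemes) and question #56 (validating a patch before anything else is done with it): one SHA-256 routine used two ways, first to compare a downloaded patch against the digest the vendor published, then to compare monitored files against a recorded baseline. File names, contents and the "published" digest are constructed; in practice the digest is taken from the vendor's signed advisory, obtained separately from the download itself.

```python
"""Integrity checks with SHA-256: patch validation and change detection.
Added example; file contents and the 'published' digest are constructed."""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 16


def sha256_file(path):
    """Hash a file in chunks so large patches need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def validate_patch(path, published_digest):
    """True only if the downloaded file matches the vendor's published digest.
    compare_digest avoids a timing side channel; the digest must be obtained
    out of band (signed advisory), not from the same place as the download."""
    return hmac.compare_digest(sha256_file(path), published_digest.lower())


def build_baseline(paths):
    """Record a known-good digest for every monitored file."""
    return {p: sha256_file(p) for p in paths}


def detect_changes(baseline):
    """Change-detection scan: report files that differ from, or vanished
    since, the baseline. Unknown malware is caught because the file changed,
    not because a signature matched; a legitimate update shows up too and
    must be re-baselined, which is the scheme's main operational cost."""
    report = {}
    for path, digest in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif sha256_file(path) != digest:
            report[path] = "modified"
    return report


def demo():
    """Walk through both uses on constructed files; returns the outcomes."""
    with tempfile.TemporaryDirectory() as d:
        patch = os.path.join(d, "vendor-patch.bin")
        with open(patch, "wb") as f:
            f.write(b"constructed patch payload\n")
        # Stand-in for the digest copied from the vendor's signed advisory.
        published = sha256_file(patch)
        results = {"valid_before": validate_patch(patch, published)}

        with open(patch, "ab") as f:
            f.write(b"\x90")  # simulated tampering in transit
        results["valid_after_tamper"] = validate_patch(patch, published)

        lib = os.path.join(d, "lib.so")
        cfg = os.path.join(d, "app.conf")
        for p, data in ((lib, b"\x7fELF constructed"), (cfg, b"debug=0\n")):
            with open(p, "wb") as f:
                f.write(data)
        baseline = build_baseline([lib, cfg, patch])

        with open(cfg, "ab") as f:
            f.write(b"debug=1\n")  # configuration tampered with
        os.remove(patch)           # file deleted
        report = detect_changes(baseline)
        results["changes"] = {os.path.basename(k): v for k, v in report.items()}
    return results


if __name__ == "__main__":
    print(demo())
```

A hash check only proves the file is the one the vendor described; it says nothing about whether the patch is safe for your systems, which is why the test-environment evaluation in option D still follows.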
Question #57
During a review to approve a penetration test plan, which of the following should be an information security manager’s PRIMARY concern?
A. Penetration test team’s deviation from scope
B. Unauthorized access to administrative utilities
C. False positive alarms to operations staff
D. Impact on production systems
Correct answer: D
Question #58
Spoofing should be prevented because it may be used to:
A. assemble information, track traffic, and identify network vulnerabilities
B. predict which way a program will branch when an option is presented
C. gain illegal entry to a secure system by faking the sender’s address
D. capture information such as passwords traveling through the network
Correct answer: C
Question #59
Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?
A. Results of an independent assessment
B. Up-to-date policy and procedures documentation
C. A report on the maturity of controls
D. Existence of an industry-accepted framework
Correct answer: A
Question #60
Most security vulnerabilities in software exist because:
A. security features are not tested adequately
B. software has undocumented features
C. security is not properly designed
D. software is developed without adherence to standards
Correct answer: D
Question #61
To prevent computers on the corporate network from being used as part of a distributed denial of service attack, the information security manager should use:
A. incoming traffic filtering
B. outgoing traffic filtering
C. IT security policy dissemination
D. rate limiting
Correct answer: B
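Added example, not part of the original page, for questions #58 and #61 together: an egress filter in the style of BCP 38 that forwards a packet only if its source address belongs to the organisation's own prefixes. A compromised internal host taking part in a DDoS typically forges the source address (the spoofing of question #58); this rule drops that traffic at the border and, because drops are counted per ingress port, points responders at the offending host. The prefixes are RFC 5737 / RFC 3849 documentation ranges and the packets, including the ingress_port field, are constructed rather than captured.

```python
"""Egress anti-spoofing filter (BCP 38 style). Added example; prefixes are
documentation ranges and packets are constructed, not captured."""
import ipaddress
from collections import Counter

# Assumed organisation prefixes (RFC 5737 / RFC 3849 documentation space).
ORG_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]

# Constructed outbound packets; ingress_port is the switch port the frame
# arrived on, kept so a drop can be traced back to a host.
SAMPLE_PACKETS = [
    {"src": "203.0.113.10",  "dst": "198.51.100.5",     "ingress_port": "ge-0/0/1"},
    {"src": "198.51.100.77", "dst": "192.0.2.1",        "ingress_port": "ge-0/0/7"},
    {"src": "2001:db8:1::5", "dst": "2001:db8:ffff::1", "ingress_port": "ge-0/0/2"},
    {"src": "10.0.0.5",      "dst": "192.0.2.1",        "ingress_port": "ge-0/0/7"},
    {"src": "not-an-ip",     "dst": "192.0.2.1",        "ingress_port": "ge-0/0/9"},
]


def allowed_egress(src, org_prefixes=ORG_PREFIXES):
    """A packet may leave only if its source is one of our own addresses.
    Anything else is either spoofed or a leak of internal addressing."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source: never forward
    return any(addr in net for net in org_prefixes)


def filter_egress(packets, org_prefixes=ORG_PREFIXES):
    """Split packets into those forwarded and those dropped at the border."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if allowed_egress(pkt["src"], org_prefixes) else dropped).append(pkt)
    return forwarded, dropped


def spoof_report(dropped):
    """Count drops per ingress port: ports emitting spoofed traffic identify
    the compromised hosts incident responders need to find."""
    return Counter(p["ingress_port"] for p in dropped)


if __name__ == "__main__":
    fwd, drp = filter_egress(SAMPLE_PACKETS)
    print("forwarded:", [p["src"] for p in fwd])
    print("dropped:  ", [p["src"] for p in drp])
    print("drops per port:", dict(spoof_report(drp)))
```

Incoming filtering (option A) protects your own hosts; it is the outgoing rule that stops your network being the source of someone else's attack, which is the scenario the question describes.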
Question #62
Which of the following is the BEST approach when using sensitive customer data during the testing phase of a systems development project?
A. Establish the test environment on a separate network
B. Sanitize customer data
C. Monitor the test environment for data loss
D. Implement equivalent controls to those on the source system
Correct answer: B
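Added example, not from the original page, of what "sanitize customer data" looks like in practice before a copy enters a test environment: names and e-mail addresses are replaced by keyed HMAC pseudonyms (deterministic, so joins and duplicate-detection logic still work across tables), card numbers are masked to the last four digits, and birth dates are generalised to the year. Identifiers and balances are kept because the application logic under test needs realistically shaped data. The records and the key are constructed; the key would be held by the data owner and never copied into the test environment.

```python
"""Sanitising customer records for a test environment. Added example; the
records and key are constructed."""
import hashlib
import hmac
import re

# Assumed: held by the data owner, rotated per refresh, never in test.
SANITIZE_KEY = b"constructed-key-rotate-per-refresh"

SENSITIVE_FIELDS = ("name", "email", "card", "dob")

# Constructed production-like rows. Row 1002 is a duplicate account for the
# same person with inconsistent casing, to show that pseudonyms line up.
CUSTOMERS = [
    {"id": 1001, "name": "Jane Q. Public", "email": "jane.public@example.com",
     "card": "4111 1111 1111 1111", "dob": "1984-07-19", "balance": 1520.55},
    {"id": 1002, "name": "JANE Q. PUBLIC", "email": "Jane.Public@example.com",
     "card": "5500000000000004", "dob": "1984-07-19", "balance": -42.10},
]


def pseudonym(value, prefix):
    """Keyed, deterministic token: the same input always maps to the same
    token, but it cannot be reversed or regenerated without the key."""
    normalised = value.strip().lower().encode()
    tag = hmac.new(SANITIZE_KEY, normalised, hashlib.sha256).hexdigest()[:12]
    return f"{prefix}_{tag}"


def mask_pan(pan):
    """Keep only the last four digits of a card number."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def sanitize(record):
    out = dict(record)  # id and balance are kept: tests need real-shaped data
    out["name"] = pseudonym(record["name"], "cust")
    out["email"] = pseudonym(record["email"], "user") + "@test.invalid"  # RFC 2606
    out["card"] = mask_pan(record["card"])
    out["dob"] = record["dob"][:4] + "-01-01"  # year only keeps age logic testable
    return out


def sanitize_all(records):
    return [sanitize(r) for r in records]


def leaks(original, sanitized):
    """Fields whose original value survives anywhere in the sanitised record;
    run this as the acceptance check before the copy is released to test."""
    haystack = " ".join(str(v) for v in sanitized.values())
    return [f for f in SENSITIVE_FIELDS if str(original[f]) in haystack]


if __name__ == "__main__":
    for before, after in zip(CUSTOMERS, sanitize_all(CUSTOMERS)):
        print(after, "leaks:", leaks(before, after))
```

The separate network, monitoring and equivalent controls in the other options all still leave real customer data in an environment with weaker change control; sanitisation removes the data itself, which is why it is the best answer.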
Question #63
Once a suite of security controls has been successfully implemented for an organization’s business units, it is MOST important for the information security manager to:
A. ensure the controls are regularly tested for ongoing effectiveness
B. hand over the controls to the relevant business owners
C. prepare to adapt the controls for future system upgrades
D. perform testing to compare control performance against industry levels
Correct answer: A
Question #64
Which of the following is the FIRST task when determining an organization’s information security profile?
A. Build an asset inventory
B. List administrative privileges
C. Establish security standards
D. Complete a threat assessment
Correct answer: A
Question #65
A risk analysis for a new system is being performed. For which of the following is business knowledge MORE important than IT knowledge?
A. Vulnerability analysis
B. Balanced scorecard
C. Cost-benefit analysis
D. Impact analysis
Correct answer: D
Question #66
Due to budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA). Which of the following is the information security manager’s BEST course of action?
A. Inform the legal department of the deficiency
B. Analyze and report the issue to senior management
C. Require the application owner to implement the controls
D. Assess and present the risks to the application owner
Correct answer: D
Question #67
In a resource-restricted security program, which of the following approaches will provide the BEST use of the limited resources?
A. Cross-training
B. Risk avoidance
C. Risk prioritization
D. Threat management
Correct answer: C
Question #68
The MAIN reason for internal certification of web-based business applications is to ensure:
A. compliance with industry standards
B. changes to the organizational policy framework are identified
C. up-to-date web technology is being used
D. compliance with organizational policies
Correct answer: D
Question #69
When recommending a preventive control against cross-site scripting in web applications, an information security manager is MOST likely to suggest:
A. using https in place of http
B. coding standards and code review
C. consolidating multiple sites into a single portal
D. hardening of the web server’s operating system
Correct answer: B
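Added example, not part of the original page: the coding standard a code review for cross-site scripting actually enforces is context-specific output encoding, because the same user value needs different treatment in an HTML body, inside an attribute and inside an inline script. Below, a vulnerable template is shown beside safe rendering for each of those three contexts, with a small helper a reviewer can use to count live tag openings in rendered output. The payloads are constructed.

```python
"""Context-aware output encoding against cross-site scripting. Added
example; payloads are constructed."""
import html
import json


def render_vulnerable(name):
    """Raw interpolation into HTML: whatever the user typed becomes markup."""
    return f"<p>Welcome, {name}</p>"


def render_body_safe(name):
    """HTML body context: escape & < > and both quote characters."""
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def render_attr_safe(value):
    """Attribute context: always quote the attribute and escape quotes inside
    it, so the value cannot close the attribute and append an on* handler."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def render_script_safe(value):
    """Inline-script context: JSON-encode, then rewrite < > & as backslash-u
    escapes so a '</script>' inside the value cannot end the script block."""
    encoded = (json.dumps(value)
               .replace("<", "\\u003c")
               .replace(">", "\\u003e")
               .replace("&", "\\u0026"))
    return f"<script>var user = {encoded};</script>"


def tag_count(markup, tag="script"):
    """Review helper: number of live <tag openings in rendered output."""
    return markup.lower().count(f"<{tag}")


if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"
    print(render_vulnerable(payload))
    print(render_body_safe(payload))
    print(render_attr_safe('" onmouseover="alert(1)'))
    print(render_script_safe("</script><script>alert(1)</script>"))
```

HTTPS (option A) protects the page in transit but delivers the injected script just as faithfully; hardening the web server (option D) does not touch application output at all. Only the application's own output handling, enforced by standards and review, prevents the injection.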
Question #70
Which of the following would be MOST important to include in a bring your own device (BYOD) policy with regard to lost or stolen devices? The need for employees to:
A. initiate the company’s incident reporting process
B. seek advice from the mobile service provider
C. notify local law enforcement
D. request a remote wipe of the device
Correct answer: D
Question #71
An organization is considering a self-service solution for the deployment of virtualized development servers. Which of the following should be the information security manager’s PRIMARY concern?
A. Ability to maintain server security baseline
B. Ability to remain current with patches
C. Generation of excessive security event logs
D. Segregation of servers from the production environment
Correct answer: D
Question #72
Which of the following should be the MOST important consideration when implementing an information security framework?
A. Compliance requirements
B. Audit findings
C. Risk appetite
D. Technical capabilities
Correct answer: A
Question #73
Which of the following BEST reduces the likelihood of leakage of private information via email?
A. Email encryption
B. User awareness training
C. Strong user authentication protocols
D. Prohibition on the personal use of email
Correct answer: B
Question #74
During an annual security review of an organization’s servers, it was found that the customer service team’s file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?
A. Report the situation to the data owner
B. Remove access privileges to the folder containing the data
C. Isolate the server from the network
D. Train the customer service team on properly controlling file permissions
Correct answer: A
Question #75
An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?
A. Risk assessment
B. Gap analysis
C. Cost-benefit analysis
D. Business case
Correct answer: B
Question #76
Which of the following is the MOST important factor in an organization’s selection of a key risk indicator (KRI)?
A. Return on investment
B. Organizational culture
C. Compliance requirements
D. Criticality of information
Correct answer: D
Question #77
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
A. Analyze vulnerabilities
B. Determine recovery priorities
C. Confirm control effectiveness
D. Define the recovery point objective (RPO)
Correct answer: B
