Question #1
Risk assessment is MOST effective when performed:
A. at the beginning of security program development
B. on a continuous basis
C. while developing the business case for the security program
D. during the business change process
Correct answer: C
Question #2
When an organization is implementing an information security governance program, its board of directors should be responsible for:
A. drafting information security policies
B. reviewing training and awareness programs
C. setting the strategic direction of the program
D. auditing for compliance
Correct answer: C
Question #3
Which of the following devices should be placed within a demilitarized zone (DMZ)?
A. Network switch
B. Web server
C. Database server
D. File/print server
Correct answer: C
Question #4
Successful social engineering attacks can BEST be prevented through:
A. preemployment screening
B. close monitoring of users' access patterns
C. periodic awareness training
D. efficient termination procedures
Correct answer: B
Question #5
The FIRST priority when responding to a major security incident is:
A. documentation
B. monitoring
C. restoration
D. containment
Correct answer: A
Question #6
Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?
A. Request a list of the software to be used
B. Provide clear directions to IT staff
C. Monitor intrusion detection system (IDS) and firewall logs closely
D. Establish clear rules of engagement
Correct answer: A
Question #7
Which resource is the MOST effective in preventing physical access tailgating/piggybacking?
A. Card key door locks
B. Photo identification
C. Awareness training
D. Biometric scanners
Correct answer: A
Question #8
A newly hired information security manager reviewing an existing security investment plan is MOST likely to be concerned when the plan:
A. is based solely on a review of security threats and vulnerabilities in existing IT systems
B. identifies potential impacts that the implementation may have on business processes
C. focuses on compliance with common international security standards
D. has summarized IT costs for implementation rather than providing detail
Correct answer: C
Question #9
To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:
A. end users
C. operational units
D. audit management
Correct answer: A
Question #10
Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?
A. Automation of controls
B. Documentation of control procedures
C. Integration of assurance efforts
D. Standardization of compliance requirements
Correct answer: C
Question #11
As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain an effective information security program?
A. Ensure information security is included in any change control efforts
B. Merge the two information security programs to establish continuity
C. Determine new factors that could influence the information security strategy
D. Implement the current information security program in the acquired company
Correct answer: D
Question #12
Which of the following technologies is utilized to ensure that an individual connecting to a corporate internal network over the Internet is not an intruder masquerading as an authorized user?
A. Intrusion detection system (IDS)
B. IP address packet filtering
C. Two-factor authentication
D. Embedded digital signature
Correct answer: C
Question #13
Security policies should be aligned MOST closely with:
A. industry best practices
B. organizational needs
C. generally accepted standards
D. local laws and regulations
Correct answer: A
Question #14
The PRIMARY objective of security awareness is to:
A. ensure that security policies are understood
B. influence employee behavior
C. ensure legal and regulatory compliance
D. notify of actions for noncompliance
Correct answer: C
Question #15
Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?
A. An emerging technologies strategy would be in place
B. An effective security risk management process is established
C. End-user acceptance of emerging technologies has been established
D. A cost-benefit analysis process would be easier to perform
Correct answer: A
Question #16
Which of the following is a risk of cross-training?
A. Increases the dependence on one employee
B. Does not assist in succession planning
C. One employee may know all parts of a system
D. Does not help in achieving a continuity of operations
Correct answer: D
Question #17
Which of the following is the MOST appropriate method to protect a password that opens a confidential file?
A. Delivery path tracing
B. Reverse lookup translation
C. Out-of-band channels
D. Digital signatures
Correct answer: B
Question #18
Secure customer use of an e-commerce application can BEST be accomplished through:
A. data encryption
B. digital signatures
C. strong passwords
D. two-factor authentication
Correct answer: B
Question #19
Which of the following is an inherent weakness of signature-based intrusion detection systems?
A. A higher number of false positives
B. New attack methods will be missed
C. Long duration probing will be missed
D. Attack profiles can be easily spoofed
Correct answer: B
Question #20
When collecting admissible evidence, which of the following is the MOST important requirement?
A. Need to know
B. Due diligence
C. Preserving audit logs
D. Chain of custody
Correct answer: D
Question #21
Which of the following is the PRIMARY advantage of desk checking a business continuity plan (BCP)?
A. Assesses the availability and compatibility of backup hardware
B. Allows for greater participation by management and the IT department
C. Ensures that appropriate follow-up work is performed on noted issues
D. Provides a low-cost method of assessing the BCP's completeness
Correct answer: D
Question #22
Which of the following is MOST important to the successful promotion of good security management practices?
A. Security metrics
B. Security baselines
C. Management support
D. Periodic training
Correct answer: D
Question #23
A contract bid is digitally signed and electronically mailed. The PRIMARY advantage to using a digital signature is that:
A. the bid and the signature can be copied from one document to another
B. the bid cannot be forged even if the keys are compromised
C. the signature can be authenticated even if no encryption is used
D. any alteration of the bid will invalidate the signature
Correct answer: C
Question #24
A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies would be the BEST approach for developing a physical access control policy for the organization?
A. Design single sign-on or federated access
B. Conduct a risk assessment to determine security risks and mitigating controls
C. Develop access control requirements for each system and application
D. Review customers' security policies
Correct answer: B
Question #25
A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?
A. Enable access through a separate device that requires adequate authentication
B. Implement manual procedures that require password change after each use
C. Request the vendor to add multiple user IDs
D. Analyze the logs to detect unauthorized access
Correct answer: A
Question #26
Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:
A. define the circumstances where cryptography should be used
B. define cryptographic algorithms and key lengths
C. describe handling procedures of cryptographic keys
D. establish the use of cryptographic solutions
Correct answer: B
Question #27
Which of the following is generally used to ensure that information transmitted over the Internet is authentic and actually transmitted by the named sender?
A. Biometric authentication
B. Embedded steganographic
C. Two-factor authentication
D. Embedded digital signature
Correct answer: C
Question #28
IT-related risk management activities are MOST effective when they are:
A. Treated as a distinct process
B. Conducted by the IT department
C. Communicated to all employees
D. Integrated within business processes
Correct answer: D
Question #29
Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?
A. Ensure that proper controls exist for code review and release management
B. Set up an agent to run a virus-scanning program across platforms
C. Implement controls for continuous monitoring of middleware transactions
D. Apply the latest patch programs to the production operating systems
Correct answer: B
Question #30
Which of the following is MOST important for an information security manager to regularly report to senior management?
A. Results of penetration tests
B. Audit reports
C. Impact of unremediated risks
D. Threat analysis reports
Correct answer: C
Question #31
An intranet server should generally be placed on the:
A. internal network
B. firewall server
C. external router
D. primary domain controller
Correct answer: C
Question #32
Which of the following is the initial step in creating a firewall policy?
A. A cost-benefit analysis of methods for securing the applications
B. Identification of network applications to be externally accessed
C. Identification of vulnerabilities associated with network applications to be externally accessed
D. Creation of an applications traffic matrix showing protection methods
Correct answer: B
Question #33
Which of the following is the MOST appropriate board-level activity for information security governance?
A. Establish security and continuity ownership
B. Develop "what-if" scenarios on incidents
C. Establish measures for security baselines
D. Include security in job-performance appraisals
Correct answer: B
Question #34
Which of the following is the BEST way to verify that all critical production servers are utilizing up-to-date virus signature files?
A. Verify the date that signature files were last pushed out
B. Use a recently identified benign virus to test if it is quarantined
C. Research the most recent signature file and compare to the console
D. Check a sample of servers that the signature files are current
Correct answer: A
Question #35
Which of the following provides the linkage to ensure that procedures are correctly aligned with information security policy requirements?
A. Standards
B. Guidelines
C. Security metrics
D.
Correct answer: C
Question #36
Which of the following is MOST closely associated with a business continuity program?
A. Confirming that detailed technical recovery plans exist
B. Periodically testing network redundancy
C. Updating the hot site equipment configuration every quarter
D. Developing recovery time objectives (RTOs) for critical functions
Correct answer: B
Question #37
Which of the following would be MOST effective in the strategic alignment of security initiatives?
A. A security steering committee is set up within the IT department
B. Key information security policies are updated on a regular basis
C. Business leaders participate in information security decision making
D. Policies are created with input from business unit managers
Correct answer: B
Question #38
Which of the following represents a PRIMARY area of interest when conducting a penetration test?
A. Data mining
B. Network mapping
C. Intrusion Detection System (IDS)
D. Customer data
Correct answer: C
Question #39
A semi-annual disaster recovery test has been completed. Which of the following issues discussed during the lessons learned phase should be of GREATEST concern?
A. A server used in recovery did not have the latest security patches
B. Application testing was completed by system administrators
C. Poor network performance was reported during recovery
D. Some restored systems were not listed in the DNS table of the DR subnet
Correct answer: D
Question #40
When electronically stored information is requested during a fraud investigation, which of the following should be the FIRST priority?
A. Assigning responsibility for acquiring the data
B. Locating the data and preserving the integrity of the data
C. Creating a forensically sound image
D. Issuing a litigation hold to all affected parties
Correct answer: B
Question #41
Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?
A. Business impact analysis
B. Organizational risk appetite
C. Independent security audit
D. Security risk assessment
Correct answer: B
Question #42
The implementation of a capacity plan would prevent:
A. file system overload arising from distributed denial-of-service attacks
B. system downtime for scheduled security maintenance
C. software failures arising from exploitation of buffer capacity vulnerabilities
D. application failures arising from insufficient hardware resources
Correct answer: A
Question #43
Abnormal server communication from inside the organization to external parties may be monitored to:
A. Record the trace of advanced persistent threats
B. Evaluate the process resiliency of server operations
C. Verify the effectiveness of an intrusion detection system
D. Support a nonrepudiation framework in e-commerce
Correct answer: A
Question #44
The business advantage of implementing authentication tokens is that they:
A. provide nonrepudiation
B. reduce overall cost
C. improve access security
D. reduce administrative workload
Correct answer: C
Question #45
Which of the following would present the GREATEST risk to information security?
A. Virus signature file updates are applied to all servers every day
B. Security access logs are reviewed within five business days
C. Critical patches are applied within 24 hours of their release
D. Security incidents are investigated within five business days
Correct answer: C
Question #46
Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services. Which of the following should be the PRIMARY focus of Company A's information security manager?
A. The cost to align to Company A's security policies
B. The organizational structure of Company B
C. Company B's security policies
D. Company A's security architecture
Correct answer: C
Question #47
Attacks using multiple methods to spread should be classified:
A. each time the exposure is experienced
B. depending on the method used to spread
C. at the highest potential level of business impact
D. using multiple classifications for each impact
Correct answer: C
Question #48
When developing security standards, which of the following would be MOST appropriate to include?
A. Accountability for licenses
B. Acceptable use of IT assets
C. Operating system requirements
D. Inventory management
Correct answer: A
Question #49
An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?
A. A Secure Sockets Layer (SSL) has been implemented for user authentication and remote administration of the firewall
B. Firewall policies are updated on the basis of changing requirements
C. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted
D. The firewall is placed on top of the commercial operating system with all installation options
Correct answer: D
Question #50
Which of the following are the MOST important individuals to include as members of an information security steering committee?
A. Direct reports to the chief information officer
B. IT management and key business process owners
C. Cross-section of end users and IT professionals
D. Internal audit and corporate legal departments
Correct answer: C