
Question #1
The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to:
A. escalate issues to an external third party for resolution
B. ensure that senior management provides authority for security to address the issues
C. insist that managers or units not in agreement with the security solution accept the risk
D. refer the issues to senior management along with any security recommendations
Correct answer: D
Question #2
Which of the following is MOST likely to be discretionary?
A. Policies
B. Procedures
C. Guidelines
D. Standards
Correct answer: C (guidelines are recommended practice; policies, standards and procedures are mandatory)
Question #3
Which of the following is the MOST immediate consequence of failing to tune a newly installed intrusion detection system (IDS) with the threshold set to a low value?
A. The number of false positives increases
B. The number of false negatives increases
C. Active probing is missed
D. Attack profiles are ignored
Correct answer: A (a low threshold makes the sensor alert on more activity, so the first thing operators see is a flood of false positives)
Question #4
When residual risk is minimized:
A. acceptable risk is probable
B. transferred risk is acceptable
C. control risk is reduced
D. risk is transferable
Correct answer: C
Question #5
The MOST important success factor to design an effective IT security awareness program is to:
A. customize the content to the target audience
B. ensure senior management is represented
C. ensure that all the staff is trained
D. avoid technical content but give concrete examples
Correct answer: A (content that is not relevant to the audience is ignored, so tailoring it is what makes the program effective)
Question #6
Which of the following is the MOST appropriate frequency for updating antivirus signature files for antivirus software on production servers?
A. Daily
B. Weekly
C. Concurrently with O/S patch updates
D. During scheduled change control updates
Correct answer: A (signatures are released at least daily; tying updates to patch or change windows leaves servers exposed to current malware)
Question #7
The chief information security officer (CISO) should ideally have a direct reporting relationship to the:
A. head of internal audit
B. chief operations officer (COO)
C. chief technology officer (CTO)
D. legal counsel
Correct answer: B
Question #8
Access control to a sensitive intranet application by mobile users can BEST be implemented through:
A. data encryption
B. digital signatures
C. strong passwords
D. two-factor authentication
Correct answer: D (a digital signature provides integrity and non-repudiation, not access control; two-factor authentication addresses the weakness of relying on a single password from a mobile device)
Question #9
The PRIMARY benefit of performing an information asset classification is to:
A. link security requirements to business objectives
B. identify controls commensurate to risk
C. define access rights
D. establish ownership
Correct answer: B
Question #10
Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?
A. Screened subnets
B. Information classification policies and procedures
C. Role-based access controls
D. Intrusion detection system (IDS)
Correct answer: C
Question #11
From an information security manager's perspective, what is the immediate benefit of clearly defined roles and responsibilities?
A. Enhanced policy compliance
B. Improved procedure flows
C. Segregation of duties
D. Better accountability
Correct answer: D
Question #12
Following a highly sensitive data breach at a large company, all servers and workstations were patched. The information security manager's NEXT step should be to:
A. inform senior management of changes in risk metrics
B. perform an assessment to measure the current state
C. deliver security awareness training
D. ensure baseline back-ups are performed
Correct answer: B
Question #13
Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?
A. Database administrator (DBA)
B. Finance department management
C. Information security manager
D. IT department management
Correct answer: B
Question #14
Which is the MOST important to enable a timely response to a security breach?
A. Knowledge sharing and collaboration
B. Security event logging
C. Roles and responsibilities
D. Forensic analysis
Correct answer: B
Question #15
An extranet server should be placed:
A. outside the firewall
B. on the firewall server
C. on a screened subnet
D. on the external router
Correct answer: C (a screened subnet, or DMZ, isolates the externally reachable server from the internal network; a server outside the firewall or on the router has no protection at all)
Question #16
Which of the following is the BEST method to reduce the number of incidents of employees forwarding spam and chain e-mail messages?
A. Acceptable use policy
B. Setting low mailbox limits
C. User awareness training
D. Taking disciplinary action
Correct answer: C (the policy states the rule, but awareness training is what changes user behaviour)
Question #17
The service level agreement (SLA) for an outsourced IT function does not reflect an adequate level of protection. In this situation an information security manager should:
A. ensure the provider is made liable for losses
B. recommend not renewing the contract upon expiration
C. recommend the immediate termination of the contract
D. determine the current level of security
Correct answer: D (assess the actual exposure first; termination or non-renewal are later decisions that depend on that assessment)
Question #18
The recovery time objective (RTO) is reached at which of the following milestones?
A. Disaster declaration
B. Recovery of the backups
C. Restoration of the system
D. Return to business as usual processing
Correct answer: C
Question #19
Which of the following is the BEST metric for evaluating the effectiveness of security awareness training? The number of:
A. password resets
B. reported incidents
C. incidents resolved
D. access rule violations
Correct answer: B
Question #20
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
A. organizational risk
B. organization-wide metrics
C. security needs
D. the responsibilities of organizational units
Correct answer: A (senior management responds to risk to the business; metrics and security needs on their own do not make the case)
Question #21
Acceptable levels of information security risk should be determined by:
A. legal counsel
B. security management
C. external auditors
D. the steering committee
Correct answer: D (risk appetite is a business decision, taken by the steering committee on behalf of senior management; auditors and security management advise, they do not decide)
Question #22
When designing an incident response plan to be agreed upon with a cloud computing vendor, including which of the following will BEST help to ensure the effectiveness of the plan?
A. A training program for the vendor staff
B. An audit and compliance program
C. Responsibility and accountability assignments
D. Requirements for onsite recovery testing
Correct answer: C
Question #23
When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to:
A. submit the issue to the steering committee
B. conduct an impact analysis to quantify the risk
C. isolate the system from the rest of the network
D. request a risk acceptance from senior management
Correct answer: D (isolation is a last resort; persistent non-compliance must be either remediated or formally accepted by management)
Question #24
It is MOST important that information security architecture be aligned with which of the following?
A. Industry best practices
B. Information technology plans
C. Information security best practices
D. Business objectives and goals
Correct answer: D (architecture that follows IT plans or best practices without reference to business goals protects the wrong things)
Question #25
Successful implementation of information security governance will FIRST require:
A. security awareness training
B. updated security policies
C. a computer incident management team
D. a security architecture
Correct answer: B
Question #26
The MOST important reason that statistical anomaly-based intrusion detection systems (stat IDSs) are less commonly used than signature-based IDSs is that stat IDSs:
A. create more overhead than signature-based IDSs
B. cause false positives from minor changes to system variables
C. generate false alarms from varying user or system actions
D. cannot detect new types of attacks
Correct answer: C (ordinary variation in user and system behaviour raises alerts and drives up the false alarm rate; detecting new attacks is in fact the main advantage of anomaly-based systems)
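Questions #3 and #26 both turn on how a statistical detector's threshold trades false positives against false negatives. The following is an added example, not part of the original page, of a minimal z-score anomaly detector run over a constructed traffic sample; the baseline and the observation window are invented for the demonstration and do not come from any real system. It shows the two effects side by side: a low threshold catches the slow scan but also fires on the legitimate month-end batch job and the quiet period (Question #3), and ordinary variation in user activity is exactly what produces those false alarms (Question #26).

```python
import statistics

# Constructed baseline for the example: HTTP requests per minute from one
# internal host during a quiet "training" period. Not real traffic.
BASELINE = [48, 52, 50, 47, 53, 49, 51, 50, 46, 54]

# Constructed evaluation window: (requests per minute, is_attack).
# The two legitimate outliers stand in for the "varying user or system
# actions" that trip a statistical IDS; the slow scan hides inside the
# normal spread of the baseline.
OBSERVATIONS = [
    (51, False),  # ordinary traffic
    (47, False),  # ordinary traffic
    (56, False),  # legitimate month-end batch job
    (44, False),  # legitimate quiet period
    (75, True),   # aggressive probe, far outside the baseline
    (54, True),   # slow scan, barely above normal variance
]


def zscore(value: float, mean: float, std: float) -> float:
    """Distance from the baseline mean measured in standard deviations."""
    return (value - mean) / std


def evaluate(threshold: float, baseline=BASELINE, observations=OBSERVATIONS) -> dict:
    """Run the detector over the window and count outcomes.

    An alert fires when |z| exceeds `threshold`. Returns true positive,
    false positive, false negative and true negative counts so that
    different thresholds can be compared on the same data.
    """
    mean = statistics.fmean(baseline)
    std = statistics.pstdev(baseline)
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for value, is_attack in observations:
        alerted = abs(zscore(value, mean, std)) > threshold
        if alerted and is_attack:
            counts["tp"] += 1
        elif alerted and not is_attack:
            counts["fp"] += 1
        elif not alerted and is_attack:
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    return counts


def compare_thresholds(thresholds=(1.5, 2.0, 3.0)) -> dict:
    """Map each threshold to its outcome counts. Lowering the threshold
    converts false negatives into false positives, never into free wins."""
    return {t: evaluate(t) for t in thresholds}


if __name__ == "__main__":
    for threshold, counts in compare_thresholds().items():
        print(f"threshold={threshold}: {counts}")
```

Tuning in practice means collecting a baseline long enough to include the legitimate peaks (month-end, backups, patch windows), then picking the threshold that keeps the alert volume at a level analysts can actually triage, and accepting that whatever sits inside normal variance, such as the slow scan here, has to be caught by a different control.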
Question #27
An information security organization should PRIMARILY:
A. support the business objectives of the company by providing security-related support services
B. be responsible for setting up and documenting the information security responsibilities of the information security team members
C. ensure that the information security policies of the company are in line with global best practices and standards
D. ensure that the information security expectations are conveyed to employees
Correct answer: A (the other three are activities of the security function; supporting the business is its purpose)
Question #28
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
A. organizational risk
B. organization-wide metrics
C. security needs
D. the responsibilities of organizational units
Correct answer: A (this repeats Question #20; senior management responds to risk to the business)
Question #29
A desktop computer that was involved in a computer security incident should be secured as evidence by:
A. disconnecting the computer from all power sources
B. disabling all local user accounts except for one administrator
C. encrypting local files and uploading exact copies to a secure server
D. copying all files using the operating system (OS) to write-once media
Correct answer: A (note that pulling power discards volatile memory; where the incident response plan allows it, current forensic practice captures RAM before powering off, but the other three options alter the evidence itself)
Question #30
The BEST metric for evaluating the effectiveness of a firewall is the:
A. number of attacks blocked
B. number of packets dropped
C. average throughput rate
D. number of firewall rules
Correct answer: A (throughput, packet counts and rule counts measure performance or size, not whether the firewall is stopping attacks)
Question #31
Which of the following actions should be taken when an online trading company discovers a network attack in progress?
A. Shut off all network access points
B. Dump all event logs to removable media
C. Isolate the affected network segment
D. Enable trace logging on all events
Correct answer: C
Question #32
To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:
A. revise the information security program
B. evaluate a balanced business scorecard
C. conduct regular user awareness sessions
D. perform penetration tests
Correct answer: B (a balanced scorecard ties security objectives to business objectives; revising the program without that reference does not improve alignment)
Question #33
Information security policies should:
A. address corporate network vulnerabilities
B. address the process for communicating a violation
C. be straightforward and easy to understand
D. be customized to specific groups and roles
Correct answer: C (a policy states management intent for the whole organization; vulnerabilities, violation handling and role-specific detail belong in standards and procedures)
Question #34
Which of the following represents the MAJOR focus of privacy regulations?
A. Unrestricted data mining
B. Identity theft
C. Human rights protection
D. D
Correct answer: D
Question #35
A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?
A. Exclusive use of the hot site is limited to six weeks
B. The hot site may have to be shared with other customers
C. The time of declaration determines site access priority
D. The provider services all major companies in the area
Correct answer: D
Question #36
Which of the following is the MOST important part of an incident response plan?
A. Recovery time objective (RTO)
B. Business impact analysis (BIA)
C. Recovery point objective (RPO)
D. Mean time to report (MTTR)
Correct answer: A
Question #37
In business-critical applications, user access should be approved by the:
A. information security manager
B. data owner
C. data custodian
D. business management
Correct answer: B (the data owner decides who may access the data; the custodian implements that decision)
Question #38
Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?
A. Expertise of personnel providing incident response
B. Implementation of a SIEM in the organization
C. Decision on the classification of cloud-hosted data
D. An agreement on the definition of a security incident
Correct answer: D
Question #39
When a security standard conflicts with a business objective, the situation should be resolved by:
A. changing the security standard
B. changing the business objective
C. performing a risk analysis
D. authorizing a risk acceptance
Correct answer: C
Question #40
The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:
A. the plan aligns with the organization's business plan
B. departmental budgets are allocated appropriately to pay for the plan
C. regulatory oversight requirements are met
D. the impact of the plan on the business units is reduced
Correct answer: A
Question #41
Good information security procedures should:
A. define the allowable limits of behavior
B. underline the importance of security governance
C. describe security baselines for each platform
D. be updated frequently as new software is released
Correct answer: C (procedures are operational documents; limits of behavior belong in policy, and governance rationale does not belong in a procedure)
Question #42
An information security program should focus on:
A. best practices also in place at peer companies
B. solutions codified in international standards
C. key controls identified in risk assessments
D. continued process improvement
Correct answer: C (peer practice and standards are inputs; the program is driven by the organization's own assessed risk)
Question #43
There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?
A. Identify the vulnerable systems and apply compensating controls
B. Minimize the use of vulnerable systems
C. Communicate the vulnerability to system users
D. Update the signatures database of the intrusion detection system (IDS)
Correct answer: A (find what is exposed and protect it; an IDS signature only detects exploitation after the fact and does not prevent it)
Question #44
Which of the following is MOST likely to affect an organization's ability to respond to security incidents in a timely manner?
A. Lack of senior management buy-in
B. Inadequate detective control performance
C. Complexity of network segmentation
D. Misconfiguration of security information and event management (SIEM) tool
Correct answer: B
