
Question #1
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
A. Knowledge required to analyze each issue
B. Information security metrics
C. Linkage to business area objectives
D. Baseline against which metrics are evaluated
Correct answer: C
Question #2
Which of the following should be determined while defining risk management strategies?
A. Organizational objectives and risk tolerance
B. Enterprise disaster recovery plans
C. Risk assessment criteria
D. IT architecture complexity
Correct answer: A
Question #3
Which of the following is the MOST important benefit of an effective security governance process?
A. Senior management participation in the incident response process
B. Better vendor management
C. Reduction of security breaches
D. Reduction of liability and overall risk to the organization
Correct answer: D
Question #4
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization's need?
A. International Organization for Standardization - 22301 (ISO-22301)
B. Information Technology Infrastructure Library (ITIL)
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. International Organization for Standardization - 27005 (ISO-27005)
Correct answer: A
Question #5
A security manager regularly checks work areas after business hours for security violations, such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?
A. Compliance management
B. Audit validation
C. Physical control testing
D. Security awareness training
Correct answer: A
Question #6
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses personally identifiable information (PII) as part of its business models and processes?
A. Need to comply with breach disclosure laws
B. Fiduciary responsibility to safeguard credit information
C. Need to transfer the risk associated with hosting PII data
D. Need to better understand the risk associated with using PII data
Correct answer: D
Question #7
A method to transfer risk is to______________.
A. Implement redundancy
B. Move operations to another region
C. Align to business operations
D. Purchase breach insurance
Correct answer: D
Question #8
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?
A. Consumer right disclosure
B. Data breach disclosure
C. Special circumstance disclosure
D. Security incident disclosure
Correct answer: B
Question #9
Why is it vitally important that senior management endorse a security policy?
A. So that employees will follow the policy directives
B. So that they can be held legally accountable
C. So that external bodies will recognize the organization's commitment to security
D. So that they will accept ownership for security within the organization
Correct answer: D
Question #10
Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?
A. Understand the business goals of the organization
B. Possess a strong technical background
C. Possess a strong auditing background
D. Understand all regulations affecting the organization
Correct answer: A
Question #11
Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?
A. Failure to notify police of an attempted intrusion
B. Lack of reporting of a successful denial of service attack on the network
C. Lack of periodic examination of access rights
D. Lack of notification to the public of disclosure of confidential information
Correct answer: D
Question #12
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
A. Value of the asset multiplied by the loss expectancy
B. Replacement cost multiplied by the single loss expectancy
C. Single loss expectancy multiplied by the annual rate of occurrence
D. Total loss expectancy multiplied by the total loss frequency
Correct answer: C
Question #13
The Information Security Management program MUST protect:
A. Audit schedules and findings
B. Intellectual property released into the public domain
C. All organizational assets
D. Critical business processes and revenue streams
Correct answer: D
Question #14
Dataflow diagrams are used by IT auditors to:
A. Graphically summarize data paths and storage processes
B. Order data hierarchically
C. Highlight high-level data definitions
D. Portray step-by-step details of data generation
Correct answer: A
Question #15
When measuring the effectiveness of an Information Security Management System, which one of the following would MOST LIKELY be used as a metric framework?
A. ISO 27001
B. ISO 27004
C. PRINCE2
D. ITILv3
Correct answer: B
Question #16
The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for:
A. Integrity and Availability
B. Assurance, Compliance and Availability
C. International Compliance
D. Confidentiality, Integrity and Availability
Correct answer: D
Question #17
An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security___________.
A. Technical control
B. Management control
C. Procedural control
D. Administrative control
Correct answer: B
Question #18
Information security policies should be reviewed _____________________.
A. by the internal audit semiannually
B. by the CISO when new systems are brought online
C. by the Incident Response team after an audit
D. by stakeholders at least annually
Correct answer: D
Question #19
Risk is defined as:
A. Quantitative plus qualitative impact
B. Asset loss times likelihood of event
C. Advisory plus capability plus vulnerability
D. Threat times vulnerability divided by control
Correct answer: D
Question #20
In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?
A. The organization uses exclusively a qualitative process to measure risk
B. The organization's risk tolerance is low
C. The organization uses exclusively a quantitative process to measure risk
D. The organization's risk tolerance is high
Correct answer: D
Question #21
The regular review of a firewall ruleset is considered a _______________________.
A. Procedural control
B. Organization control
C. Management control
D. Technical control
Correct answer: A
Question #22
The exposure factor of a threat to your organization is defined by?
A. Annual loss expectancy minus current cost of controls
B. Percentage of loss experienced due to a realized threat event
C. Asset value times exposure factor
D. Annual rate of occurrence
Correct answer: B
Question #23
The Information Security Governance program MUST:
A. integrate with other organizational governance processes
B. show a return on investment for the organization
C. integrate with other organizational governance processes
D. support user choice for Bring Your Own Device (BYOD)
Correct answer: C
Question #24
You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?
A. Chief Executive Officer
B. Chief Information Officer
C. Chief Information Security Officer
D. Chief Information Officer
Correct answer: A
Question #25
Which of the following is a benefit of a risk-based approach to audit planning?
A. Resources are allocated to the areas of the highest concern
B. Scheduling may be performed months in advance
C. Budgets are more likely to be met by the IT audit staff
D. Staff will be exposed to a variety of technologies
Correct answer: A