
Question #1
The impact of losing frame relay network connectivity for 18-24 hours should be calculated using the:
A. hourly billing rate charged by the carrier
B. value of the data transmitted over the network
C. aggregate compensation of all affected business users
D. financial losses incurred by affected business units
Correct answer: D
Question #2
When building a corporate-wide business continuity plan, it is discovered that there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of system recovery in the event of a disaster?
A. Evaluating the cost associated with each system's outage
B. Reviewing the business plans of each department
C. Comparing the recovery point objectives (RPOs)
D. Reviewing each system's key performance indicators (KPIs)
Correct answer: A
Question #3
The likelihood of a successful attack is a function of:
A. incentive and capability of the intruder
B. opportunity and asset value
C. threat and vulnerability levels
D. value and desirability to the intruder
Correct answer: C. Likelihood is a function of threat and vulnerability levels: a threat agent's incentive and capability only matter where an exploitable vulnerability exists, and asset value or desirability describes impact rather than likelihood.
Question #4
Which of the following would be MOST useful in developing a series of recovery time objectives (RTOs)?
A. Gap analysis
B. Regression analysis
C. Risk analysis
D. Business impact analysis
Correct answer: D
Question #5
Which of the following is the MOST important factor to ensure information security is meeting the organization's objectives?
A. Internal audit's involvement in the security process
B. Implementation of a control self-assessment process
C. Establishment of acceptable risk thresholds
D. Implementation of a security awareness program
Correct answer: C
Question #6
The MOST likely reason to use qualitative security risk assessments instead of quantitative methods is when:
A. an organization provides services instead of hard goods
B. a security program requires independent expression of risks
C. available data is too subjective
D. a mature security program is in place
Correct answer: C. Quantitative methods need reliable loss and frequency data; when the available data is too subjective to support credible figures, qualitative rating is the appropriate method, regardless of the organization's line of business or program maturity.
Question #7
Which of the following is the BEST strategy to implement an effective operational security posture?
A. Threat management
B. Defense in depth
C. Increased security awareness
D. Vulnerability management
Correct answer: B
Question #8
Information security policies should be designed PRIMARILY on the basis of:
A. business demands
B. inherent risks
C. international standards
D. business risks
Correct answer: D
Question #9
Which of the following is MOST critical to the successful implementation of information security within an organization?
A. The information security manager is responsible for setting information security policy
B. Strong risk management skills exist within the information security group
C. Budget is allocated for information security tools
D. Security is effectively marketed to all managers and employees
Correct answer: D
Question #10
Which of the following is the BEST course of action for an information security manager to align security and business goals?
A. Defining key performance indicators (KPIs)
B. Actively engaging with stakeholders
C. Reviewing the business strategy
D. Conducting a business impact analysis (BIA)
Correct answer: B. Alignment is achieved by engaging business stakeholders so that their goals shape security objectives; KPIs, a strategy review and a BIA are inputs to or outputs of that engagement, not substitutes for it.
Question #11
A risk analysis should:
A. include a benchmark of similar companies in its scope
B. assume an equal degree of protection for all assets
C. address the potential size and likelihood of loss
D. give more weight to the likelihood vs
Correct answer: C
Question #12
Which of the following is the BEST control to minimize the risk associated with loss of information as a result of ransomware exploiting a zero-day vulnerability?
A. A security operations center
B. A patch management process
C. A public key infrastructure
D. A data recovery process
Correct answer: D
Question #13
Which of the following MUST be established before implementing a data loss prevention (DLP) system?
A. Privacy impact assessment
B. A data backup policy
C. Data classification
D. A data recovery policy
Correct answer: C
Question #14
Shortly after installation, an intrusion detection system (IDS) reports a violation. Which of the following is the MOST likely explanation?
A. The violation is a false positive
B. A routine IDS log file upload has occurred
C. A routine IDS signature file download has occurred
D. An intrusion has occurred
Correct answer: A
Question #15
The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:
A. ensure the confidentiality of sensitive material
B. provide a high assurance of identity
C. allow deployment of Active Directory
D. implement secure sockets layer (SSL) encryption
Correct answer: B
Question #16
A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. Which of the following should be the information security manager's PRIMARY concern?
A. Business tolerance of downtime
B. Adequacy of the incident response plan
C. Availability of resources to implement controls
D. Ability to test patches prior to deployment
Correct answer: C
Question #17
Who can BEST approve plans to implement an information security governance framework?
A. Internal auditor
B. Information security management
C. Steering committee
D. Infrastructure management
Correct answer: C
Question #18
To ensure adequate disaster preparedness among IT infrastructure personnel, it is MOST important to:
A. have the most experienced personnel participate in recovery tests
B. include end-user personnel in each recovery test
C. assign personnel-specific duties in the recovery plan
D. periodically rotate recovery-test participants
Correct answer: D
Question #19
A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager's NEXT course of action?
A. Determine a lower-cost approach to remediation
B. Document and schedule a date to revisit the issue
C. Shut down the business application
D. Document and escalate to senior management
Correct answer: B. The process owner is entitled to accept a risk whose remediation cost exceeds the worst-case loss; the information security manager documents the acceptance and schedules a review, because both the threat landscape and the cost figures change over time.
Question #20
What is the PRIMARY benefit to executive management when audit, risk, and security functions are aligned?
A. Reduced number of assurance reports
B. More effective decision making
C. More timely risk reporting
D. More efficient incident handling
Correct answer: B
Question #21
Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process?
A. Make the provider accountable for security and compliance
B. Perform continuous gap assessments
C. Include audit rights in the service level agreement (SLA)
D. Implement compensating controls
Correct answer: D
Question #22
Which of the following processes can be used to remediate identified technical vulnerabilities?
A. Running baseline configurations
B. Conducting a risk assessment
C. Performing a business impact analysis (BIA)
D. Running automated scanners
Correct answer: A. Risk assessments, BIAs and automated scanners identify and prioritize vulnerabilities; applying an approved secure baseline configuration is the only option that actually changes the system and removes them.
Question #23
Which of the following is an important criterion for developing effective key risk indicators (KRIs) to monitor information security risk?
A. The indicator should possess a high correlation with a specific risk and be measured on a regular basis
B. The indicator should focus on IT and accurately represent risk variances
C. The indicator should align with key performance indicators and measure root causes of process performance issues
D. The indicator should provide a retrospective view of risk impacts and be measured annually
Correct answer: A
Question #24
Which of the following is the PRIMARY goal of business continuity management?
A. Establish incident response procedures
B. Assess the impact to business processes
C. Increase survivability of the organization
D. Implement controls to prevent disaster
Correct answer: C
Question #25
An awareness program is implemented to mitigate the risk of infections introduced through the use of social media. Which of the following will BEST determine the effectiveness of the awareness program?
A. A post-awareness program survey
B. A quiz based on the awareness program materials
C. A simulated social engineering attack
D. Employee attendance rate at the awareness program
Correct answer: C
Question #26
Which of the following would BEST demonstrate the added value of an information security program?
A. Security baselines
B. A SWOT analysis
C. A gap analysis
D. A balanced scorecard
Correct answer: D. A balanced scorecard ties security metrics to business outcomes and shows the value delivered; a SWOT or gap analysis describes the current state without demonstrating value.
Question #27
The PRIMARY objective of a risk response strategy should be:
A. threat reduction
B. regulatory compliance
C. senior management buy-in
D. appropriate control selection
Correct answer: A
Question #28
An organization has an approved bring your own device (BYOD) program. Which of the following is the MOST effective method to enforce application control on personal devices?
A. Establish a mobile device acceptable use policy
B. Implement a mobile device management solution
C. Educate users regarding the use of approved applications
D. Implement a web application firewall
Correct answer: B
Question #29
When scoping a risk assessment, assets need to be classified by:
A. likelihood and impact
B. sensitivity and criticality
C. threats and opportunities
D. redundancy and recoverability
Correct answer: B
Question #30
Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
A. Information security incidents
B. Information security strategy
C. Current resourcing levels
D. Availability of potential resources
Correct answer: B
Question #31
Which of the following should be the PRIMARY goal of an information security manager when designing information security policies?
A. Reducing organizational security risk
B. Improving the protection of information
C. Minimizing the cost of security controls
D. Achieving organizational objectives
Correct answer: D
Question #32
To implement a security framework, an information security manager must FIRST develop:
A. security standards
B. security procedures
C. a security policy
D. security guidelines
Correct answer: C. Policy sits at the top of the document hierarchy; standards, procedures and guidelines are derived from it and must support it, so it has to exist first.
Question #33
Which of the following would provide the BEST justification for a new information security investment?
A. Results of a comprehensive threat analysis
B. Projected reduction in risk
C. Senior management involvement in project prioritization
D. Defined key performance indicators (KPIs)
Correct answer: B. An investment is justified by the risk it is expected to reduce relative to its cost; a threat analysis is one input to that estimate, and management involvement or KPIs do not by themselves justify spending.
Question #34
Which of the following would be MOST useful in a report to senior management for evaluating changes in the organization's information security risk position?
A. Risk register
B. Trend analysis
C. Industry benchmarks
D. Management action plan
Correct answer: B. Senior management needs to see how the risk position is changing over time, which is exactly what trend analysis shows; a risk register is a point-in-time inventory.
Question #35
Which of the following risks would BEST be assessed using quantitative risk assessment techniques?
A. Customer data stolen
B. An electrical power outage
C. A web site defaced by hackers
D. Loss of the software development team
Correct answer: B
Question #36
An organization's senior management is encouraging employees to use social media for promotional purposes. Which of the following should be the information security manager's FIRST step to support this strategy?
A. Incorporate social media into the security awareness program
B. Develop a guideline on the acceptable use of social media
C. Develop a business case for a data loss prevention (DLP) solution
D. Employ the use of a web content filtering solution
Correct answer: B
Question #37
An organization has announced new initiatives to establish a big data platform and develop mobile apps. What is the FIRST step when defining new human resource requirements?
A. Request additional funding for recruiting and training
B. Analyze the skills necessary to support the new initiatives
C. Benchmark to an industry peer
D. Determine the security technology requirements for the initiatives
Correct answer: B
Question #38
Which of the following is the MOST effective method of determining security priorities?
A. Impact analysis
B. Threat assessment
C. Vulnerability assessment
D. Gap analysis
Correct answer: A
Question #39
Which metric is the BEST indicator that an update to an organization's information security awareness strategy is effective?
A. A decrease in the number of incidents reported by staff
B. A decrease in the number of email viruses detected
C. An increase in the number of email viruses detected
D. An increase in the number of incidents reported by staff
Correct answer: D. Staff who are more aware recognize and report more suspicious events, so a rising reporting rate is the sign that the strategy is working; virus detection counts reflect attacker activity and tooling, not awareness.
Question #40
Which of the following would be MOST effective in preventing malware from being launched through an email attachment?
A. Up-to-date security policies
B. Placing the email server on a screened subnet
C. Security awareness training
D. A network intrusion detection system (NIDS)
Correct answer: C
Question #41
Of the following, whose input is of GREATEST importance in the development of an information security strategy?
A. End users
B. Corporate auditors
C. Process owners
D. Security architects
Correct answer: C. Process owners know what the business needs protected and to what level; security architects, auditors and end users contribute to the strategy but do not define its business requirements.
Question #42
In an organization implementing a data classification program, ultimate responsibility for the data on the database server lies with the:
A. information security manager
B. business unit manager
C. database administrator (DBA)
D. information technology manager
Correct answer: B. The business unit manager is the data owner and is accountable for the data's classification and protection; the DBA, the IT manager and the information security manager act as custodians or advisors.
Question #43
Which of the following is MOST important to consider when defining control objectives?
A. The current level of residual risk
B. The organization's strategic objectives
C. Control recommendations from a recent audit
D. The organization's risk appetite
Correct answer: D. Control objectives state how far risk must be reduced, and that level is set by the organization's risk appetite; strategic objectives, current residual risk and audit findings inform the choice of controls that meet those objectives.
Question #44
When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?
A. Cost of software
B. Cost-benefit analysis
C. Implementation timeframe
D. Industry benchmarks
Correct answer: B
Question #45
Which of the following is the BEST method to determine whether an information security program meets an organization's business objectives?
A. Implement performance measures
B. Review against international security standards
C. Perform a business impact analysis (BIA)
D. Conduct an annual enterprise-wide security evaluation
Correct answer: A
Question #46
After assessing risk, the decision to treat the risk should be based PRIMARILY on:
A. availability of financial resources
B. whether the level of risk exceeds risk appetite
C. whether the level of risk exceeds inherent risk
D. the criticality of the risk
Correct answer: B
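Questions #1, #11, #35, #44 and #46 all rest on the same quantitative risk arithmetic. The following is an added worked example, not part of the quiz and not from any ISACA material: it values an outage by the financial loss of the affected business units (as #1 requires), expresses both the size and the likelihood of loss (#11) for a scenario that suits quantitative treatment (#35), runs the cost-benefit check that a SIEM or any other investment needs (#44), and decides treatment against a stated risk appetite (#46). The scenario, the figures, the control and the appetite are all constructed.

```python
"""Quantitative risk arithmetic behind several of the questions above.

Added illustration; the scenario, figures and control are constructed, not
taken from the quiz or from any ISACA material.

  SLE (single loss expectancy)     = asset value x exposure factor
  ALE (annualized loss expectancy) = SLE x ARO (annualized rate of occurrence)
  net control value                = (ALE before - ALE after) - annual control cost
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    asset_value: float      # value at stake per event; for an outage, the financial
                            # loss of the affected business units over the window
    exposure_factor: float  # fraction of asset_value lost per event, 0.0 - 1.0
    aro: float              # expected events per year

    def sle(self) -> float:
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    residual_exposure_factor: float  # exposure factor once the control is in place
    residual_aro: float              # event rate once the control is in place


def residual_ale(s: Scenario, c: Control) -> float:
    """ALE that remains after applying control c to scenario s."""
    return s.asset_value * c.residual_exposure_factor * c.residual_aro


def net_control_value(s: Scenario, c: Control) -> float:
    """Risk reduction bought by the control, minus what it costs per year."""
    return s.ale() - residual_ale(s, c) - c.annual_cost


def recommend(s: Scenario, c: Control, appetite_ale: float) -> str:
    """Treatment decision: compare inherent and residual ALE with the
    organization's risk appetite (expressed as an ALE figure) and check
    that the control is cost-justified."""
    if s.ale() <= appetite_ale:
        return "accept: inherent risk is already within appetite"
    if net_control_value(s, c) < 0:
        return "reject control: it costs more per year than the risk it removes"
    if residual_ale(s, c) > appetite_ale:
        return "mitigate, but residual risk still exceeds appetite; further treatment needed"
    return "mitigate: residual risk within appetite and control is cost-justified"


# Constructed scenario: a 24-hour WAN outage. The affected business units lose
# a combined 15,000 per hour, so the value at stake per event is 24 * 15,000.
OUTAGE = Scenario("24h WAN outage", asset_value=24 * 15_000, exposure_factor=1.0, aro=0.5)

# Constructed control: a redundant carrier circuit that makes a full outage
# rare (one in 20 years) and shortens the ones that do occur to about 6 hours.
REDUNDANT_CIRCUIT = Control("redundant carrier circuit", annual_cost=40_000,
                            residual_exposure_factor=0.25, residual_aro=0.05)

APPETITE_ALE = 25_000  # constructed appetite: at most 25,000 expected loss per year


if __name__ == "__main__":
    print(f"SLE {OUTAGE.sle():,.0f}  ALE {OUTAGE.ale():,.0f}")
    print(f"residual ALE {residual_ale(OUTAGE, REDUNDANT_CIRCUIT):,.0f}")
    print(f"net control value {net_control_value(OUTAGE, REDUNDANT_CIRCUIT):,.0f}")
    print(recommend(OUTAGE, REDUNDANT_CIRCUIT, APPETITE_ALE))
```

The order of the checks in `recommend` encodes the reasoning the questions test: a risk already inside appetite is simply accepted, a control that costs more than the loss it averts is rejected (the situation in #19), and only then does residual risk get compared with appetite.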
Question #47
Which of the following should be the PRIMARY basis for determining risk appetite?
A. Organizational objectives
B. Senior management input
C. Industry benchmarks
D. Independent audit results
Correct answer: A
Question #48
Which of the following should be the MOST important consideration when reporting sensitive risk-related information to stakeholders?
A. Ensuring nonrepudiation of communication
B. Consulting with the public relations director
C. Transmitting the internal communication securely
D. Customizing the communication to the audience
Correct answer: D. Risk information is only useful if the audience can act on it, so the message must be tailored to each stakeholder group; secure transmission is a supporting requirement, not the primary consideration.
Question #49
Mitigating technology risks to acceptable levels should be based PRIMARILY upon:
A. business process reengineering
B. business process requirements
C. legal and regulatory requirements
D. information security budget
Correct answer: B
Question #50
Which of the following is the BEST approach for encouraging business units to assume their roles and responsibilities in an information security program?
A. Perform a risk assessment
B. Conduct an awareness program
C. Conduct a security audit
D. Develop controls and countermeasures
Correct answer: B
Question #51
The MOST effective way to communicate the level of impact of information security risks on organizational objectives is to present:
A. business impact analysis (BIA) results
B. detailed threat analysis results
C. risk treatment options
D. a risk heat map
Correct answer: D
Question #52
An organization plans to implement a document collaboration solution to allow employees to share company information. Which of the following is the MOST important control to mitigate the risk associated with the new solution?
A. Assign write access to data owners
B. Allow access to a minimum number of users
C. Have data owners perform regular user access reviews
D. Permit only non-sensitive information on the solution
Correct answer: C
Question #53
What should the information security manager recommend to support the development of a new web application that will allow retail customers to view inventory and order products?
A. Building an access control matrix
B. Requesting that customers adhere to baseline security standards
C. Access through a virtual private network (VPN)
D. Implementation of secure transmission protocols
Correct answer: D
Question #54
Which of the following will BEST help to ensure security is addressed when developing a custom application?
A. Conducting security training for the development staff
B. Integrating security requirements into the development process
C. Requiring a security assessment before implementation
D. Integrating a security audit throughout the development process
Correct answer: B
Question #55
An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:
A. document and report the root cause of the incidents for senior management
B. identify security program gaps or systemic weaknesses that need correction
C. prepare properly vetted notifications regarding the incidents to external parties
D. identify who should be held accountable for the security incidents
Correct answer: B. A post-incident review exists to find the program gaps or systemic weaknesses that allowed the incident so they can be corrected; root-cause reporting is one input to that goal, and assigning blame works against a candid review.
Question #56
Which of the following should be of MOST influence to an information security manager when developing IT security policies?
A. Past and current threats
B. IT security framework
C. Compliance with regulations
D. Business strategy
Correct answer: D
Question #57
When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?
A. Retention
B. Tuning
C. Encryption
D. Report distribution
Correct answer: B. A newly deployed SIEM produces a high volume of noise and false positives; tuning the correlation rules and thresholds comes before decisions about retention, encryption or report distribution.
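Questions #14 and #57 turn on the same operational fact: a freshly deployed IDS or SIEM mostly produces false positives until it is tuned, and among the first things it fires on is its own housekeeping traffic, such as signature downloads. The following added example is not part of the quiz; the alert lines, rule IDs, addresses and tuning policy are all constructed. It shows what a first tuning pass looks like: allowlisting the sensor's own rule-update traffic, applying a severity floor, and collapsing repeated hits from one source into a single escalation, with a before-and-after count so the effect of the tuning can be reported.

```python
"""Tuning pass over first-week IDS/SIEM alerts.

Added example; the alert lines, rule IDs and addresses are constructed and
do not come from any real sensor or from the quiz. A freshly deployed
sensor fires on its own rule-update downloads and on benign chatter; the
tuning below suppresses those, applies a severity floor, and collapses
repeated hits from one source into a single escalation.
"""
import re
from collections import defaultdict

# Constructed alerts in a simple key=value line format.
RAW_ALERTS = """\
ts=1 sid=2001 sev=low  src=10.0.0.5  dst=203.0.113.10 msg=outbound_http_rule_update
ts=2 sid=2001 sev=low  src=10.0.0.5  dst=203.0.113.10 msg=outbound_http_rule_update
ts=3 sid=3100 sev=info src=10.0.0.8  dst=10.0.0.1     msg=icmp_echo
ts=4 sid=4400 sev=high src=10.0.0.23 dst=10.0.0.40    msg=smb_admin_share_access
ts=5 sid=4400 sev=high src=10.0.0.23 dst=10.0.0.41    msg=smb_admin_share_access
ts=6 sid=4400 sev=high src=10.0.0.23 dst=10.0.0.42    msg=smb_admin_share_access
ts=7 sid=5200 sev=med  src=10.0.0.9  dst=198.51.100.7 msg=dns_txt_long_query
""".splitlines()

# Constructed tuning policy. The sensor itself pulls rule updates from
# 203.0.113.10, so rule 2001 firing on that destination is known-benign.
SUPPRESS = {("2001", "203.0.113.10")}
SEVERITY = {"info": 0, "low": 1, "med": 2, "high": 3}

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict:
    """Turn one key=value alert line into a dict."""
    return dict(FIELD.findall(line))


def tune(alerts: list, suppress: set, min_sev: str) -> list:
    """Drop allowlisted and sub-threshold alerts, then aggregate the rest
    by (rule, source) so one noisy host produces one escalation."""
    kept = [a for a in alerts
            if (a["sid"], a["dst"]) not in suppress
            and SEVERITY[a["sev"]] >= SEVERITY[min_sev]]
    groups = defaultdict(list)
    for a in kept:
        groups[(a["sid"], a["src"])].append(a)
    return [
        {"sid": sid, "src": src, "sev": hits[0]["sev"], "count": len(hits),
         "dsts": sorted({h["dst"] for h in hits}), "msg": hits[0]["msg"]}
        for (sid, src), hits in groups.items()
    ]


def summarize(raw: list, tuned: list) -> dict:
    """How much noise the tuning removed and what is left to escalate."""
    escalated_hits = sum(t["count"] for t in tuned)
    return {"raw": len(raw), "escalated": len(tuned), "suppressed": len(raw) - escalated_hits}


def run(min_sev: str = "low") -> tuple:
    """Parse the constructed alerts, tune them, and return (tuned, summary)."""
    alerts = [parse(line) for line in RAW_ALERTS]
    tuned = tune(alerts, SUPPRESS, min_sev)
    return tuned, summarize(alerts, tuned)


if __name__ == "__main__":
    tuned, summary = run()
    print(summary)
    for t in tuned:
        print(f"{t['sev']:>4} sid={t['sid']} src={t['src']} x{t['count']} "
              f"-> {', '.join(t['dsts'])}  {t['msg']}")
```

Of the seven constructed alerts, two are the sensor's own update traffic and one is below the severity floor, so three are suppressed; the three SMB hits from one host collapse into a single escalation alongside the DNS alert. Raising the floor to `high` drops the DNS alert too, which is the kind of trade-off tuning has to record: every suppression or threshold is a documented decision, not a silent deletion.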
Question #58
What should be the PRIMARY objective of conducting interviews with business unit managers when developing an information security strategy?
A. Determine information types
B. Obtain information on departmental goals
C. Identify data and system ownership
D. Classify information assets
Correct answer: B
Question #59
A third-party service provider is developing a mobile app for an organization's customers. Which of the following issues should be of GREATEST concern to the information security manager?
A. Software escrow is not addressed in the contract
B. The contract has no requirement for secure development practices
C. The mobile app's programmers are all offshore contractors
D. SLAs after deployment are not clearly defined
Correct answer: B
Question #60
Which of the following should be of GREATEST concern to an information security manager when establishing a set of key risk indicators (KRIs)?
A. The impact of security risk on organizational objectives is not well understood
B. Risk tolerance levels have not yet been established
C. Several business functions have been outsourced to third-party vendors
D. The organization has no historical data on previous security events
Correct answer: B
Question #61
In addition to cost, what is the BEST criterion for selecting countermeasures following a risk assessment?
A. Effort of implementation
B. Skill requirements for implementation
C. Effectiveness of each option
D. Maintenance requirements
Correct answer: C
Question #62
Which of the following needs to be established between an IT service provider and its clients to BEST enable adequate continuity of service in preparation for an outage?
A. Data retention policies
B. Server maintenance plans
C. Recovery time objectives
D. Reciprocal site agreement
Correct answer: C
Question #63
A CIO has asked the organization's information security manager to provide both one-year and five-year plans for the information security program. What is the PRIMARY purpose for the long-term plan?
A. To create formal requirements to meet projected security needs for the future
B. To create and document a consistent progression of security capabilities
C. To prioritize risks on a longer scale than the one-year plan
D. To facilitate the continuous improvement of the IT organization
Correct answer: B. A five-year plan lays out a consistent progression of security capabilities toward the strategy; detailed requirements and continuous improvement of IT belong to the short-term plan and to operations.
Question #64
Which of the following is MOST helpful for prioritizing the recovery of IT assets during a disaster?
A. Business impact analysis (BIA)
B. Risk assessment
C. Vulnerability assessment
D. Cost-benefit analysis
Correct answer: A
Question #65
Senior management has decided to accept a significant risk within a security remediation plan. Which of the following is the information security manager's BEST course of action?
A. Remediate the risk and document the rationale
B. Update the risk register with the risk acceptance
C. Communicate the remediation plan to the board of directors
D. Report the risk acceptance to regulatory agencies
Correct answer: B. A risk accepted by senior management must be recorded in the risk register with its rationale and an owner so it is tracked and revisited; escalating to the board or regulators is not warranted for a decision management was entitled to make, and remediating anyway overrides that decision.
Question #66
An information security program should be established PRIMARILY on the basis of:
A. the approved information security strategy
B. the approved risk management approach
C. data security regulatory requirements
D. senior management input
Correct answer: A
Question #67
Which of the following has the MOST direct impact on the usability of an organization's asset classification program?
A. The granularity of classifications in the hierarchy
B. The frequency of updates to the organization's risk register
C. The business objectives of the organization
D. The support of senior management for the classification scheme
Correct answer: A
Question #68
An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization's FIRST action?
A. Report to senior management
B. Initiate incident response processes
C. Implement additional controls
D. Conduct an impact analysis
Correct answer: D
