
CISMP-V9 BCS Foundation Certificate in Information Security Management Principles V9.0 Questions and Answers

Questions 4

A security analyst has been asked to provide a triple A service (AAA) for both wireless and remote access network services in an organization and must avoid using proprietary solutions.

What technology SHOULD they adopt?

Options:

A.

TACACS+

B.

RADIUS.

C.

OAuth.

D.

MS Access Database.
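The question above turns on RADIUS being the open, IETF-standardised AAA protocol (RFC 2865). The following is an added example, not part of the original page or of any RADIUS implementation: it builds a minimal Access-Request on the NAS side, hides the User-Password under the shared secret and Request Authenticator exactly as RFC 2865 section 5.2 describes, checks it on the server side, and has the client verify the Response Authenticator before trusting the Accept or Reject. The shared secret, the user table and the NAS address 192.0.2.10 are constructed for the example.

```python
"""RADIUS (RFC 2865) Access-Request / Access-Accept exchange in one process.
Constructed example: secret, user database and NAS address are made up."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to a 16-byte multiple, XOR each block with
    MD5(secret + previous ciphertext block), seeded by the Request Authenticator."""
    if not password or len(password) > 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server-side inverse of hide_password; the padding NULs are stripped."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty 16-byte multiple")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    """Attribute TLVs: Type(1) Length(1, counts the 2 header bytes) Value."""
    out = b""
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out


def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs


def build_packet(code: int, ident: int, authenticator: bytes, attrs) -> bytes:
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def parse_packet(pkt: bytes):
    if len(pkt) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length > 4096:
        raise ValueError("length field disagrees with datagram size")
    return code, ident, pkt[4:20], pkt[20:]


def response_authenticator(code, ident, request_auth, attrs_bytes, secret) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 s3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(header + request_auth + attrs_bytes + secret).digest()


def client_access_request(ident, username, password, secret):
    """NAS side: fresh random Request Authenticator, password hidden under it."""
    request_auth = os.urandom(16)
    attrs = [
        (ATTR_USER_NAME, username),
        (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth)),
        (ATTR_NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),  # constructed NAS address
    ]
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


def server_handle(pkt, secret, users):
    """Server side: recover the password, check it, sign the reply with the secret."""
    code, ident, request_auth, body = parse_packet(pkt)
    if code != ACCESS_REQUEST:
        raise ValueError("expected Access-Request")
    attrs = dict(decode_attrs(body))
    name, hidden = attrs.get(ATTR_USER_NAME), attrs.get(ATTR_USER_PASSWORD)
    ok = (name in users and hidden is not None
          and hmac.compare_digest(reveal_password(hidden, secret, request_auth), users[name]))
    reply = ACCESS_ACCEPT if ok else ACCESS_REJECT
    auth = response_authenticator(reply, ident, request_auth, b"", secret)
    return build_packet(reply, ident, auth, [])


def client_verify_response(resp, ident, request_auth, secret) -> int:
    """NAS side: trust the reply only if its authenticator binds to our request."""
    code, resp_ident, auth, body = parse_packet(resp)
    expected = response_authenticator(code, resp_ident, request_auth, body, secret)
    if resp_ident != ident or not hmac.compare_digest(auth, expected):
        raise ValueError("response not authenticated by shared secret")
    return code


def authenticate(username, password, secret, users, ident=7) -> int:
    """Full exchange; returns ACCESS_ACCEPT or ACCESS_REJECT."""
    req, request_auth = client_access_request(ident, username, password, secret)
    resp = server_handle(req, secret, users)
    return client_verify_response(resp, ident, request_auth, secret)
```

Two points worth noticing: the password is hidden with an MD5 keystream derived from the shared secret, not encrypted with a modern cipher, and the Response Authenticator is an MD5 construction rather than a MAC; this is why RADIUS deployments are expected to run over a protected path (IPsec or RADIUS over TLS) and to include the Message-Authenticator attribute rather than rely on this 1990s design alone.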

Questions 5

You are undertaking a qualitative risk assessment of a likely security threat to an information system.

What is the MAIN issue with this type of risk assessment?

Options:

A.

These risk assessments are largely subjective and require agreement on rankings beforehand.

B.

Dealing with statistical and other numeric data can often be hard to interpret.

C.

There needs to be a large amount of previous data to "train" a qualitative risk methodology.

D.

It requires the use of complex software tools to undertake this risk assessment.

Questions 6

In business continuity (BC) terms, what is the name of the individual responsible for recording all pertinent information associated with a BC exercise or real plan invocation?

Options:

A.

Recorder.

B.

Desk secretary.

C.

Scribe.

D.

Scrum Master.

Questions 7

Why might the reporting of security incidents that involve personal data differ from other types of security incident?

Options:

A.

Personal data is not highly transient, so its investigation rarely involves the preservation of volatile memory or a full digital forensic investigation.

B.

Personal data is normally handled on both IT and non-IT systems so such incidents need to be managed in two streams.

C.

Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.

D.

Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation

Questions 8

Which algorithm is a current specification for the encryption of electronic data established by NIST?

Options:

A.

RSA.

B.

AES.

C.

DES.

D.

PGP.

Questions 9

Which standards framework offers a set of IT Service Management best practices to assist organisations in aligning IT service delivery with business goals - including security goals?

Options:

A.

ITIL.

B.

SABSA.

C.

COBIT

D.

ISACA.

Questions 10

Which of the following is considered to be the GREATEST risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions?

Options:

A.

Use of 'cheap' microcontroller-based sensors.

B.

Much larger attack surface than traditional IT systems.

C.

Use of proprietary networking protocols between nodes.

D.

Use of cloud-based systems to collect IoT data.

Questions 11

Which of the following is often the final stage in the information management lifecycle?

Options:

A.

Disposal.

B.

Creation.

C.

Use.

D.

Publication.

Questions 12

In software engineering, what does 'Security by Design' mean?

Options:

A.

Low Level and High Level Security Designs are restricted in distribution.

B.

All security software artefacts are subject to a code-checking regime.

C.

The software has been designed from its inception to be secure.

D.

All code meets the technical requirements of GDPR.

Questions 13

What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them into taking an unwanted action, such as a misdirected high-value payment?

Options:

A.

Whaling.

B.

Spear-phishing.

C.

C-suite spamming.

D.

Trawling.

Questions 14

Which security framework impacts on organisations that accept credit cards, process credit card transactions, store relevant data or transmit credit card data?

Options:

A.

PCI DSS.

B.

TOGAF.

C.

ENISA NIS.

D.

Sarbanes-Oxley.

Questions 15

Which security concept provides redundancy in the event of a security control failure or the exploitation of a vulnerability?

Options:

A.

System Integrity.

B.

Sandboxing.

C.

Intrusion Prevention System.

D.

Defence in depth.

Questions 16

What physical security control would be used to broadcast false emanations to mask the presence of true electromagnetic emanations from genuine computing equipment?

Options:

A.

Faraday cage.

B.

Unshielded cabling.

C.

Copper infused windows.

D.

White noise generation.

Questions 17

Which of the following is MOST LIKELY to be described as a consequential loss?

Options:

A.

Reputation damage.

B.

Monetary theft.

C.

Service disruption.

D.

Processing errors.

Questions 18

What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

Options:

A.

Poor Password Management.

B.

Insecure Deserialisation.

C.

Injection Flaws.

D.

Security Misconfiguration
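The injection flaw the question refers to is easiest to see with the same login query written two ways. The following is an added example, not code from the original page: it runs a deliberately vulnerable string-built query and its parameterised replacement against an in-memory SQLite database, and also covers the case bound parameters cannot solve (a column name supplied by the caller), which needs an allowlist instead. The user table and passwords are constructed, and passwords are kept in plaintext only so the injection result is obvious; a real system stores hashes.

```python
"""Injection flaw: one login query written unsafely and safely (SQLite, in memory).
Constructed example: the user table is made up."""
import sqlite3


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    # plaintext passwords only to keep the injection visible; hash them in real code
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return con


def login_vulnerable(con, name: str, password: str):
    """Untrusted input is pasted into the SQL text, so it can rewrite the query.
    name = "alice' --" turns the rest of the WHERE clause into a comment."""
    sql = f"SELECT role FROM users WHERE name = '{name}' AND password = '{password}'"
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(con, name: str, password: str):
    """Bound parameters: the driver sends the values apart from the SQL text,
    so a quote or comment marker in the input is just data."""
    row = con.execute("SELECT role FROM users WHERE name = ? AND password = ?",
                      (name, password)).fetchone()
    return row[0] if row else None


ALLOWED_SORT = {"name", "role"}  # constructed allowlist of sortable columns


def list_users(con, sort_col: str):
    """Identifiers such as column names cannot be bound as parameters,
    so the only safe option is to reject anything not on an allowlist."""
    if sort_col not in ALLOWED_SORT:
        raise ValueError(f"refusing sort column {sort_col!r}")
    return [r[0] for r in con.execute(f"SELECT name FROM users ORDER BY {sort_col}")]


if __name__ == "__main__":
    con = make_db()
    print(login_vulnerable(con, "alice' --", "x"))  # admin: password check commented out
    print(login_safe(con, "alice' --", "x"))        # None: treated as a literal username
```

The second classic payload, a password of `' OR '1'='1`, works against the vulnerable function because SQL's AND binds tighter than OR, so the clause becomes (name matches AND password matches) OR true and the first row in the table is returned; the parameterised version returns nothing for the same input.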

Questions 19

Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

Options:

A.

Professional qualification bodies demand CPD.

B.

Information Security changes constantly and at speed.

C.

IT certifications require CPD and Security needs to remain credible.

D.

CPD is a prerequisite of any Chartered Institution qualification.

Questions 20

Which of the following compliance legal requirements are covered by the ISO/IEC 27000 series?

1. Intellectual Property Rights.

2. Protection of Organisational Records

3. Forensic recovery of data.

4. Data Deduplication.

5. Data Protection & Privacy.

Options:

A.

1, 2 and 3

B.

3, 4 and 5

C.

2, 3 and 4

D.

1, 2 and 5

Questions 21

Which types of organisations are likely to be the target of DDoS attacks?

Options:

A.

Cloud service providers.

B.

Any financial sector organisations.

C.

Online retail based organisations.

D.

Any organisation with an online presence.

Questions 22

What aspect of an employee's contract of employment is designed to prevent the unauthorised release of confidential data to third parties, even after an employee has left their employment?

Options:

A.

Segregation of Duties.

B.

Non-disclosure.

C.

Acceptable use policy.

D.

Security clearance.

Questions 23

In a virtualised cloud environment, what component is responsible for the secure separation between guest machines?

Options:

A.

Guest Manager

B.

Hypervisor.

C.

Security Engine.

D.

OS Kernel.

Questions 24

How might the effectiveness of a security awareness program be effectively measured?

1) Employees are required to take an online multiple choice exam on security principles.

2) Employees are tested with social engineering techniques by an approved penetration tester.

3) Employees practice ethical hacking techniques on organisation systems.

4) No security vulnerabilities are reported during an audit.

5) Open source intelligence gathering is undertaken on staff social media profiles.

Options:

A.

3, 4 and 5.

B.

2, 4 and 5.

C.

1, 2 and 3.

D.

1, 2 and 5.

Questions 25

What form of training SHOULD developers be undertaking to understand the security of the code they have written and how it can improve security defence whilst being attacked?

Options:

A.

Red Team Training.

B.

Blue Team Training.

C.

Black Hat Training.

D.

Awareness Training.

Questions 26

Which of the following is NOT an accepted classification of security controls?

Options:

A.

Nominative.

B.

Preventive.

C.

Detective.

D.

Corrective.

Questions 27

Which standard deals with the implementation of business continuity?

Options:

A.

ISO/IEC 27001

B.

COBIT

C.

ISO 22301.

D.

BS5750.

Questions 28

A penetration tester undertaking a port scan of a client's network discovers a host that responds to requests on TCP ports 22, 80, 443, 3306 and 8080.

What type of device has MOST LIKELY been discovered?

Options:

A.

File server.

B.

Printer.

C.

Firewall.

D.

Web server

Questions 29

By what means SHOULD a cloud service provider prevent one client accessing data belonging to another in a shared server environment?

Options:

A.

By ensuring appropriate data isolation and logical storage segregation.

B.

By using a hypervisor in all shared servers.

C.

By increasing deterrent controls through warning messages.

D.

By employing intrusion detection systems in VMs.

Questions 30

Which of the following international standards deals with the retention of records?

Options:

A.

PCI DSS.

B.

RFC1918.

C.

ISO 15489.

D.

ISO/IEC 27002.

Exam Code: CISMP-V9
Exam Name: BCS Foundation Certificate in Information Security Management Principles V9.0
Last Update: Dec 1, 2024
Questions: 100
