
CISMP-V9 BCS Foundation Certificate in Information Security Management Principles V9.0 Questions and Answers

Question 4

For which security-related reason SHOULD staff monitoring critical CCTV systems be rotated regularly during each work session?

Options:

A. To reduce the chance of collusion between security staff and those being monitored.
B. To give experience to monitoring staff across a range of activities for training purposes.
C. Health and Safety regulations demand that staff are rotated to prevent posture and vision related harm.
D. The human attention span during intense monitoring sessions is about 20 minutes.

Question 5

Which of the following statements relating to digital signatures is TRUE?

Options:

A. Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.
B. Digital signatures are valid and enforceable in law in most countries in the world.
C. Digital signatures are legal unless there is a statutory requirement that predates the digital age.
D. A digital signature that uses a signer's private key is illegal.

Question 6

Which type of facility is enabled by a contract with an alternative data processing facility which will provide HVAC, power and communications infrastructure as well as computing hardware and a duplicate of the organisation's existing "live" data?

Options:

A. Cold site.
B. Warm site.
C. Hot site.
D. Spare site.

Question 7

Select the document that is MOST LIKELY to contain direction covering the security and utilisation of all an organisation's information and IT equipment, as well as email, internet and telephony.

Options:

A. Cryptographic Statement.
B. Security Policy Framework.
C. Acceptable Usage Policy.
D. Business Continuity Plan.

Question 8

Which of the following acronyms covers the real-time analysis of security alerts generated by applications and network hardware?

Options:

A. CERT.
B. SIEM.
C. CISM.
D. DDoS.

Question 9

Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

Options:

A. Professional qualification bodies demand CPD.
B. Information Security changes constantly and at speed.
C. IT certifications require CPD and Security needs to remain credible.
D. CPD is a prerequisite of any Chartered Institution qualification.

Question 10

What type of attack could directly affect the confidentiality of an unencrypted VoIP network?

Options:

A. Packet Sniffing.
B. Brute Force Attack.
C. Ransomware.
D. Vishing Attack.

Question 11

Which membership-based organisation produces international standards which cover good practice for information assurance?

Options:

A. BSI.
B. IETF.
C. OWASP.
D. ISF.

Question 12

A system administrator has created the following "array" as an access control for an organisation.

Developers: create files, update files.

Reviewers: upload files, update files.

Administrators: upload files, delete files, update files.

What type of access control has just been created?

Options:

A. Task based access control.
B. Role based access control.
C. Rule based access control.
D. Mandatory access control.

Question 13

Which algorithm is a current specification for the encryption of electronic data established by NIST?

Options:

A. RSA.
B. AES.
C. DES.
D. PGP.

Question 14

James is working with a software programme that completely obfuscates the entire source code, often in the form of a binary executable, making it difficult to inspect, manipulate or reverse engineer the original source code.

What type of software programme is this?

Options:

A. Free Source.
B. Proprietary Source.
C. Interpreted Source.
D. Open Source.

Question 15

In a virtualised cloud environment, what component is responsible for the secure separation between guest machines?

Options:

A. Guest Manager.
B. Hypervisor.
C. Security Engine.
D. OS Kernel.

Question 16

Which security concept provides redundancy in the event of a security control failure or the exploitation of a vulnerability?

Options:

A. System Integrity.
B. Sandboxing.
C. Intrusion Prevention System.
D. Defence in depth.

Question 17

Why might the reporting of security incidents that involve personal data differ from other types of security incident?

Options:

A. Personal data is not highly transient, so its investigation rarely involves the preservation of volatile memory and full forensic digital investigation.
B. Personal data is normally handled on both IT and non-IT systems, so such incidents need to be managed in two streams.
C. Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.
D. Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation.

Question 18

Which of the following cloud delivery models is NOT intrinsically "trusted" in terms of security by clients using the service?

Options:

A. Public.
B. Private.
C. Hybrid.
D. Community.

Question 19

A security analyst has been asked to provide a triple A service (AAA) for both wireless and remote access network services in an organisation and must avoid using proprietary solutions.

What technology SHOULD they adopt?

Options:

A. TACACS+.
B. RADIUS.
C. OAuth.
D. MS Access Database.

Question 20

Which of the following is considered to be the GREATEST risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions?

Options:

A. Use of "cheap" microcontroller based sensors.
B. Much larger attack surface than traditional IT systems.
C. Use of proprietary networking protocols between nodes.
D. Use of cloud based systems to collect IoT data.

Question 21

Which term is used to describe the set of processes that analyses code to ensure defined coding practices are being followed?

Options:

A. Quality Assurance and Control.
B. Dynamic verification.
C. Static verification.
D. Source code analysis.

Question 22

When handling and investigating digital evidence to be used in a criminal cybercrime investigation, which of the following principles is considered BEST practice?

Options:

A. Digital evidence must not be altered unless absolutely necessary.
B. Acquiring digital evidence can only be carried out on digital devices which have been turned off.
C. Digital evidence can only be handled by a member of law enforcement.
D. Digital devices must be forensically "clean" before investigation.

Question 23

In order to improve the security culture within an organisation with a top-down approach, which of the following actions at board level is the MOST effective?

Options:

A. Appointment of a Chief Information Security Officer (CISO).
B. Purchasing personal firewalls for all senior executives.
C. Adopting an organisation-wide "clear desk" policy.
D. Developing a security awareness e-learning course.

Question 24

Which of the following is NOT an accepted classification of security controls?

Options:

A. Nominative.
B. Preventive.
C. Detective.
D. Corrective.

Question 25

What does a penetration test do that a vulnerability scan does NOT?

Options:

A. A penetration test seeks to actively exploit any known or discovered vulnerabilities.
B. A penetration test looks for known vulnerabilities and reports them without further action.
C. A penetration test is always an automated process; a vulnerability scan never is.
D. A penetration test never uses common tools such as Nmap, Nessus and Metasploit.

Question 26

Which of the following is LEAST LIKELY to be the result of a global pandemic impacting on information security?

Options:

A. A large increase in remote workers operating in insecure premises.
B. Additional physical security requirements at data centres and corporate headquarters.
C. Increased demand on service desks as users need additional tools such as VPNs.
D. An upsurge in activity by attackers seeking vulnerabilities caused by operational changes.

Question 27

Geoff wants to ensure the application of consistent security settings to devices used throughout his organisation, whether as part of a mobile computing or a BYOD approach.

What technology would be MOST beneficial to his organisation?

Options:

A. VPN.
B. IDS.
C. MDM.
D. SIEM.

Question 28

What is the KEY purpose of appending security classification labels to information?

Options:

A. To provide guidance and instruction on implementing appropriate security controls to protect the information.
B. To comply with whatever mandatory security policy framework is in place within the geographical location in question.
C. To ensure that should the information be lost in transit, it can be returned to the originator using the correct protocols.
D. To make sure the correct colour-coding system is used when the information is ready for archive.

Question 29

Which of the following legal compliance requirements are covered by the ISO/IEC 27000 series?

1. Intellectual Property Rights.
2. Protection of Organisational Records.
3. Forensic recovery of data.
4. Data Deduplication.
5. Data Protection & Privacy.

Options:

A. 1, 2 and 3
B. 3, 4 and 5
C. 2, 3 and 4
D. 1, 2 and 5

Question 30

When considering the disposal of confidential data, equipment and storage devices, what social engineering technique SHOULD always be taken into consideration?

Options:

A. Spear Phishing.
B. Shoulder Surfing.
C. Dumpster Diving.
D. Tailgating.

Exam Code: CISMP-V9
Exam Name: BCS Foundation Certificate in Information Security Management Principles V9.0
Last Update: Dec 25, 2024
Questions: 100