[Oct-2022] The BCS CISMP-V9 Exam Test For Brief Preparation [Q47-Q67]

Rate this post

[Oct-2022] The BCS CISMP-V9 Exam Test For Brief Preparation

Revolutionary Guide To Exam BCS Dumps

Q47. When establishing objectives for physical security environments, which of the following functional controls SHOULD occur first?

Delay.

Drop.

Deter.

Deny.

Q48. Which types of organisations are likely to be the target of DDoS attacks?

Cloud service providers.

Any financial sector organisations.

Online retail based organisations.

Any organisation with an online presence.

Q49. Which term is used to describe the set of processes that analyses code to ensure defined coding practices are being followed?

Quality Assurance and Control

Dynamic verification.

Static verification.

Source code analysis.

Q50. What form of risk assessment is MOST LIKELY to provide objective support for a security Return on Investment case?

ISO/IEC 27001.

Qualitative.

CPNI.

Quantitative

Q51. What form of attack against an employee has the MOST impact on their compliance with the organisation’s “code of conduct”?

Brute Force Attack.

Social Engineering.

Ransomware.

Denial of Service.

Q52. Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

Professional qualification bodies demand CPD.

Information Security changes constantly and at speed.

IT certifications require CPD and Security needs to remain credible.

CPD is a prerequisite of any Chartered Institution qualification.

Q53. What are the different methods that can be used as access controls?
1. Detective.
2. Physical.
3. Reactive.
4. Virtual.
5. Preventive.

1, 2 and 4.

1, 2 and 3.

1, 2 and 5.

3, 4 and 5.

Q54. Which of the following is a framework and methodology for Enterprise Security Architecture and Service Management?

TOGAF

SABSA

PCI DSS.

OWASP.

Q55. As well as being permitted to access, create, modify and delete information, what right does an Information Owner NORMALLY have in regard to their information?

To assign access privileges to others.

To modify associated information that may lead to inappropriate disclosure.

To access information held in the same format and file structure.

To delete all indexed data in the dataset.

Q56. When handling and investigating digital evidence to be used in a criminal cybercrime investigation, which of the following principles is considered BEST practice?

Digital evidence must not be altered unless absolutely necessary.

Acquiring digital evidence cart only be carried on digital devices which have been turned off.

Digital evidence can only be handled by a member of law enforcement.

Digital devices must be forensically “clean” before investigation.

Q57. Which of the following statements relating to digital signatures is TRUE?

Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.

Digital signatures are valid and enforceable in law in most countries in the world.

Digital signatures are legal unless there is a statutory requirement that predates the digital age.

A digital signature that uses a signer’s private key is illegal.

Q58. Which of the following uses are NOT usual ways that attackers have of leveraging botnets?

Generating and distributing spam messages.

Conducting DDOS attacks.

Scanning for system & application vulnerabilities.

Undertaking vishing attacks

Q59. In a security governance framework, which of the following publications would be at the HIGHEST level?

Procedures.

Standards

Policy.

Guidelines

Q60. Which of the following statutory requirements are likely to be of relevance to all organisations no matter which sector nor geographical location they operate in?

Sarbanes-Oxley.

GDPR.

HIPAA.

FSA.

Q61. In software engineering, what does ‘Security by Design” mean?

Low Level and High Level Security Designs are restricted in distribution.

All security software artefacts are subject to a code-checking regime.

The software has been designed from its inception to be secure.

All code meets the technical requirements of GDPR.
https://en.wikipedia.org/wiki/Secure_by_design#:~:text=Secure%20by%20design%20(SBD)%2C,the%20foundation%20to%20be%20secure.&text=Malicious%20practices%20are%20taken%20for,or%20on%20invalid%20user%20input.

Q62. When calculating the risk associated with a vulnerability being exploited, how is this risk calculated?

Risk = Likelihood * Impact.

Risk = Likelihood / Impact.

Risk = Vulnerability / Threat.

Risk = Threat * Likelihood.

Q63. Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?

Strong OS patch management

Vulnerability assessment

Signature-based intrusion detection.

Anomaly based intrusion detection.
https://www.sciencedirect.com/topics/computer-science/zero-day-attack

Q64. Ensuring the correctness of data inputted to a system is an example of which facet of information security?

Confidentiality.

Integrity.

Availability.

Authenticity.

Q65. What Is the PRIMARY security concern associated with the practice known as Bring Your Own Device (BYOD) that might affect a large organisation?

Most BYOD involves the use of non-Windows hardware which is intrinsically insecure and open to abuse.

The organisation has significantly less control over the device than over a corporately provided and managed device.

Privately owned end user devices are not provided with the same volume nor frequency of security patch updates as a corporation.

Under GDPR it is illegal for an individual to use a personal device when handling personal information under corporate control.

Q66. What Is the root cause as to why SMS messages are open to attackers and abuse?

The store and forward nature of SMS means it is considered a ‘fire and forget service’.

SMS technology was never intended to be used to transmit high risk content such as One-time payment codes.

The vast majority of mobile phones globally support the SMS protocol inexpensively.

There are only two mobile phone platforms – Android and iOS – reducing the number of target environments.

Q67. Which of the following is an accepted strategic option for dealing with risk?

Correction.

Detection.

Forbearance.

Acceptance

Loading …

CISMP-V9 Free Study Guide! with New Questions: https://www.real4exams.com/CISMP-V9_braindumps.html

[Oct-2022] The BCS CISMP-V9 Exam Test For Brief Preparation [Q47-Q67]

Leave a Reply Cancel reply