[Feb 09, 2023] Download Free BCS CISMP-V9 Real Exam Questions [Q19-Q34]

NEW QUESTION 19
Which of the following is a framework and methodology for Enterprise Security Architecture and Service Management?

  • A. OWASP.
  • B. TOGAF
  • C. SABSA
  • D. PCI DSS.

Answer: C


NEW QUESTION 20
As well as being permitted to access, create, modify and delete information, what right does an Information Owner NORMALLY have in regard to their information?

  • A. To access information held in the same format and file structure.
  • B. To assign access privileges to others.
  • C. To delete all indexed data in the dataset.
  • D. To modify associated information that may lead to inappropriate disclosure.

Answer: D


NEW QUESTION 21
When considering the disposal of confidential data, equipment and storage devices, what social engineering technique SHOULD always be taken into consideration?

  • A. Spear Phishing.
  • B. Tailgating.
  • C. Shoulder Surfing.
  • D. Dumpster Diving.

Answer: A


NEW QUESTION 22
What term is used to describe the act of checking out a privileged account password in a manner that bypasses normal access control procedures during a critical emergency situation?

  • A. Enterprise Security Management
  • B. Break Glass
  • C. Multi Factor Authentication.
  • D. Privileged User Gateway

Answer: C


NEW QUESTION 23
Which of the following acronyms covers the real-time analysis of security alerts generated by applications and network hardware?

  • A. CISM.
  • B. CERT
  • C. SIEM.
  • D. DDoS.

Answer: C

Reference: https://en.wikipedia.org/wiki/Security_information_and_event_management


NEW QUESTION 24
In software engineering, what does 'Security by Design' mean?

  • A. The software has been designed from its inception to be secure.
  • B. All security software artefacts are subject to a code-checking regime.
  • C. All code meets the technical requirements of GDPR.
  • D. Low Level and High Level Security Designs are restricted in distribution.

Answer: A

Reference: https://en.wikipedia.org/wiki/Secure_by_design#:~:text=Secure%20by%20design%20(SBD)%2C,the%20foundation%20to%20be%20secure.&text=Malicious%20practices%20are%20taken%20for,or%20on%20invalid%20user%20input.


NEW QUESTION 25
Which term is used to describe the set of processes that analyses code to ensure defined coding practices are being followed?

  • A. Source code analysis.
  • B. Dynamic verification.
  • C. Quality Assurance and Control
  • D. Static verification.

Answer: A


NEW QUESTION 26
What advantage does the delivery of online security training material have over the distribution of printed media?

  • A. Updating online material requires a single edit. Printed material needs to be distributed physically.
  • B. Online material is protected by international digital copyright legislation across most territories.
  • C. Printed material is a 'discoverable record' and could expose the organisation to litigation in the event of an incident.
  • D. Online training material is intrinsically more accurate than printed material.

Answer: D


NEW QUESTION 27
Which standards framework offers a set of IT Service Management best practices to assist organisations in aligning IT service delivery with business goals - including security goals?

  • A. ITIL.
  • B. ISACA.
  • C. COBIT
  • D. SABSA.

Answer: A

Reference: https://www.cherwell.com/it-service-management/library/essential-guides/essential-guide-to-itil-framework-and-processes/


NEW QUESTION 28
Which algorithm is a current specification for the encryption of electronic data established by NIST?

  • A. RSA.
  • B. DES.
  • C. PGP.
  • D. AES.

Answer: D

Reference: https://www.nist.gov/publications/advanced-encryption-standard-aes


NEW QUESTION 29
Select the document that is MOST LIKELY to contain direction covering the security and utilisation of all an organisation's information and IT equipment, as well as email, internet and telephony.

  • A. Security Policy Framework.
  • B. Cryptographic Statement.
  • C. Acceptable Usage Policy.
  • D. Business Continuity Plan.

Answer: B


NEW QUESTION 30
According to ISO/IEC 27000, which of the following is the definition of a vulnerability?

  • A. The threat that an asset or group of assets may be damaged by an exploit.
  • B. The damage that has been caused by a weakness in a system.
  • C. A weakness of an asset or group of assets that can be exploited by one or more threats.
  • D. The impact of a cyber attack on an asset or group of assets.

Answer: C

Explanation: A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats. An asset is any tangible or intangible thing or characteristic that has value to an organization, a control is any administrative, managerial, technical, or legal method that can be used to modify or manage risk, and a threat is any potential event that could harm an organization or system.

Reference: https://www.praxiom.com/iso-27000-definitions.htm


NEW QUESTION 31
What form of training SHOULD developers be undertaking to understand the security of the code they have written and how it can improve security defence whilst being attacked?

  • A. Awareness Training.
  • B. Red Team Training.
  • C. Black Hat Training.
  • D. Blue Team Training.

Answer: C


NEW QUESTION 32
Which types of organisations are likely to be the target of DDoS attacks?

  • A. Online retail based organisations.
  • B. Any organisation with an online presence.
  • C. Any financial sector organisations.
  • D. Cloud service providers.

Answer: B


NEW QUESTION 33
Which standard deals with the implementation of business continuity?

  • A. ISO 22301.
  • B. ISO/IEC 27001
  • C. COBIT
  • D. BS5750.

Answer: B


NEW QUESTION 34
......