[Dec 17, 2021] Free BCS CISMP-V9 Exam Questions & Answer [Q13-Q35]


NEW QUESTION 13
What is the first yet MOST simple and important action to take when setting up a new web server?

  • A. Apply hardening to all applications.
  • B. Patch the OS to the latest version.
  • C. Change default system passwords.
  • D. Fully encrypt the hard disk.

Answer: A

 

NEW QUESTION 14
As well as being permitted to access, create, modify and delete information, what right does an Information Owner NORMALLY have in regard to their information?

  • A. To assign access privileges to others.
  • B. To access information held in the same format and file structure.
  • C. To delete all indexed data in the dataset.
  • D. To modify associated information that may lead to inappropriate disclosure.

Answer: D

 

NEW QUESTION 15
What does a penetration test do that a Vulnerability Scan does NOT?

  • A. A penetration test never uses common tools such as Nmap, Nessus and Metasploit.
  • B. A penetration test looks for known vulnerabilities and reports them without further action.
  • C. A penetration test is always an automated process - a vulnerability scan never is.
  • D. A penetration test seeks to actively exploit any known or discovered vulnerabilities.

Answer: B

 

NEW QUESTION 16
Which of the following international standards deals with the retention of records?

  • A. ISO/IEC 27002.
  • B. ISO 15489.
  • C. PCI DSS.
  • D. RFC1918.

Answer: B

 

NEW QUESTION 17
Why might the reporting of security incidents that involve personal data differ from other types of security incident?

  • A. Personal data is not highly transient so its investigation rarely involves the preservation of volatile memory and full forensic digital investigation.
  • B. Personal data is normally handled on both IT and non-IT systems so such incidents need to be managed in two streams.
  • C. Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation.
  • D. Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.

Answer: C

 

NEW QUESTION 18
Which algorithm is a current specification for the encryption of electronic data established by NIST?

  • A. DES.
  • B. RSA.
  • C. AES.
  • D. PGP.
    https://www.nist.gov/publications/advanced-encryption-standard-aes

Answer: C

 

NEW QUESTION 19
When seeking third party digital forensics services, what two attributes should one seek when making a choice of service provider?

  • A. Appropriate company accreditation and staff certification.
  • B. Affiliation with local law enforcement bodies and local government regulations.
  • C. Formal certification to ISO/IEC 27001 and alignment with ISO 17025.
  • D. Clean credit references as well as international experience.

Answer: C

 

NEW QUESTION 20
What is the PRIMARY security concern associated with the practice known as Bring Your Own Device (BYOD) that might affect a large organisation?

  • A. Privately owned end user devices are not provided with the same volume nor frequency of security patch updates as a corporation.
  • B. The organisation has significantly less control over the device than over a corporately provided and managed device.
  • C. Under GDPR it is illegal for an individual to use a personal device when handling personal information under corporate control.
  • D. Most BYOD involves the use of non-Windows hardware which is intrinsically insecure and open to abuse.

Answer: D

 

NEW QUESTION 21
Once data has been created in a standard information lifecycle, what step TYPICALLY happens next?

  • A. Data Archiving.
  • B. Data Publication.
  • C. Data Deletion.
  • D. Data Storage.

Answer: C

 

NEW QUESTION 22
Which of the following is NOT a valid statement to include in an organisation's security policy?

  • A. The policy has the support of Board and the Chief Executive.
  • B. The compliance with legal and regulatory obligations.
  • C. How the organisation will manage information assurance.
  • D. The policy has been agreed and amended to suit all third party contractors.

Answer: C

 

NEW QUESTION 23
Which of the following statutory requirements are likely to be of relevance to all organisations no matter which sector nor geographical location they operate in?

  • A. FSA.
  • B. GDPR.
  • C. Sarbanes-Oxley.
  • D. HIPAA.

Answer: A

 

NEW QUESTION 24
In software engineering, what does 'Security by Design' mean?

  • A. All code meets the technical requirements of GDPR.
    https://en.wikipedia.org/wiki/Secure_by_design#:~:text=Secure%20by%20design%20(SBD)%2C,the%20foundation%20to%20be%20secure.&text=Malicious%20practices%20are%20taken%20for,or%20on%20invalid%20user%20input.
  • B. The software has been designed from its inception to be secure.
  • C. All security software artefacts are subject to a code-checking regime.
  • D. Low Level and High Level Security Designs are restricted in distribution.

Answer: B

 

NEW QUESTION 25
What aspect of an employee's contract of employment is designed to prevent the unauthorised release of confidential data to third parties even after an employee has left their employment?

  • A. Non-disclosure.
  • B. Segregation of Duties.
  • C. Security clearance.
  • D. Acceptable use policy.

Answer: A

 

NEW QUESTION 26
When handling and investigating digital evidence to be used in a criminal cybercrime investigation, which of the following principles is considered BEST practice?

  • A. Digital evidence must not be altered unless absolutely necessary.
  • B. Digital evidence can only be handled by a member of law enforcement.
  • C. Acquiring digital evidence can only be carried out on digital devices which have been turned off.
  • D. Digital devices must be forensically "clean" before investigation.

Answer: D

 

NEW QUESTION 27
Which of the following is an asymmetric encryption algorithm?

  • A. RSA.
    https://www.omnisecu.com/security/public-key-infrastructure/asymmetric-encryption-algorithms.php
  • B. AES.
  • C. DES.
  • D. ATM.

Answer: A

 

NEW QUESTION 28
Which of the following is often the final stage in the information management lifecycle?

  • A. Use.
  • B. Creation.
  • C. Disposal.
  • D. Publication.
    https://timg.co.nz/blog-the-information-management-life-cycle/

Answer: C

 

NEW QUESTION 29
Which of the following is LEAST LIKELY to be the result of a global pandemic impacting on information security?

  • A. A large increase in remote workers operating in insecure premises.
  • B. Increased demand on service desks as users need additional tools such as VPNs.
  • C. Additional physical security requirements at data centres and corporate headquarters.
  • D. An upsurge in activity by attackers seeking vulnerabilities caused by operational changes.

Answer: B

 

NEW QUESTION 30
In terms of security culture, what needs to be carried out as an integral part of security by all members of an organisation and is an essential component to any security regime?

  • A. Verification of visitors' ID.
  • B. Appropriate behaviours.
  • C. The 'need to know' principle.
  • D. Access denial measures.

Answer: D

 

NEW QUESTION 31
When an organisation decides to operate on the public cloud, what does it lose?

  • A. Control over Intellectual Property Rights relating to its applications.
  • B. The right to audit and monitor access to its information.
  • C. Physical access to the servers hosting its information.
  • D. The ability to determine in which geographies the information is stored.

Answer: B

 

NEW QUESTION 32
Geoff wants to ensure the application of consistent security settings to devices used throughout his organisation whether as part of a mobile computing or a BYOD approach.
What technology would be MOST beneficial to his organisation?

  • A. VPN.
  • B. MDM.
  • C. IDS.
  • D. SIEM.

Answer: B

 

NEW QUESTION 33
What is the KEY purpose of appending security classification labels to information?

  • A. To comply with whatever mandatory security policy framework is in place within the geographical location in question.
  • B. To make sure the correct colour-coding system is used when the information is ready for archive.
  • C. To provide guidance and instruction on implementing appropriate security controls to protect the information.
  • D. To ensure that should the information be lost in transit, it can be returned to the originator using the correct protocols.

Answer: C

 

NEW QUESTION 34
What is the PRIMARY reason for organisations obtaining outsourced managed security services?

  • A. Managed security services permit organisations to absolve themselves of responsibility for security.
  • B. Managed security services are a de facto requirement for certification to core security standards such as ISO/IEC 27001.
  • C. Managed security services provide access to specialist security tools and expertise on a shared, cost-effective basis.
  • D. Managed security services are a powerful defence against litigation in the event of a security breach or incident.

Answer: A

 

NEW QUESTION 35
......
