BCS New 2022 CISMP-V9 Sample Questions Reliable CISMP-V9 Test Engine [Q20-Q36]


NEW QUESTION 20
Why might the reporting of security incidents that involve personal data differ from other types of security incident?

  • A. Personal data is normally handled on both IT and non-IT systems so such incidents need to be managed in two streams.
  • B. Personal data is not highly transient so its investigation rarely involves the preservation of volatile memory and full forensic digital investigation.
  • C. Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.
  • D. Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation.

Answer: D


NEW QUESTION 21
Which term describes a vulnerability that is unknown and therefore has no mitigating control which is immediately and generally available?

  • A. Stealthware.
  • B. Zero-day.
    https://en.wikipedia.org/wiki/Zero-day_(computing)
  • C. Advanced Persistent Threat.
  • D. Trojan.

Answer: B


NEW QUESTION 22
When undertaking disaster recovery planning, which of the following would NEVER be considered a "natural" disaster?

  • A. Lightning Strike
  • B. Electromagnetic pulse
  • C. Tsunami.
  • D. Arson.

Answer: B


NEW QUESTION 23
Which of the following is MOST LIKELY to be described as a consequential loss?

  • A. Service disruption.
  • B. Reputation damage.
  • C. Processing errors.
  • D. Monetary theft.

Answer: B


NEW QUESTION 24
What term is used to describe the testing of a continuity plan through a written scenario being used as the basis for discussion and simulation?

  • A. Desk-top exercise.
  • B. Non-dynamic modelling.
  • C. Fault stressing.
  • D. End-to-end testing.

Answer: A


NEW QUESTION 25
In terms of security culture, what needs to be carried out as an integral part of security by all members of an organisation and is an essential component to any security regime?

  • A. Access denial measures.
  • B. Appropriate behaviours.
  • C. The 'need to know' principle.
  • D. Verification of visitors' ID.

Answer: A


NEW QUESTION 26
In order to maintain the currency of risk countermeasures, how often SHOULD an organisation review these risks?

  • A. Risks remain under constant review.
  • B. A maximum of once every other month.
  • C. When the next risk audit is due.
  • D. Once defined, they do not need reviewing.

Answer: A


NEW QUESTION 27
What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

  • A. Poor Password Management.
  • B. Insecure Deserialisation.
  • C. Injection Flaws.
  • D. Security Misconfiguration.

Answer: C


NEW QUESTION 28
Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

  • A. IT certifications require CPD and Security needs to remain credible.
  • B. Information Security changes constantly and at speed.
  • C. Professional qualification bodies demand CPD.
  • D. CPD is a prerequisite of any Chartered Institution qualification.

Answer: B


NEW QUESTION 29
When considering the disposal of confidential data, equipment and storage devices, what social engineering technique SHOULD always be taken into consideration?

  • A. Dumpster Diving.
  • B. Tailgating.
  • C. Shoulder Surfing.
  • D. Spear Phishing.

Answer: D


NEW QUESTION 30
Why should a loading bay NEVER be used as a staff entrance?

  • A. Staff should always enter a facility via a dedicated entrance to ensure smooth access and egress.
  • B. Most countries have specific legislation covering loading bays and breaching this could impact on insurance status.
  • C. Loading bays are often dirty places, and staff could find their clothing damaged or made less appropriate for the office.
  • D. Loading bays are intrinsically vulnerable, so minimising the people traffic makes securing the areas easier and more effective.

Answer: A


NEW QUESTION 31
Which of the following describes a qualitative risk assessment approach?

  • A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
  • B. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.
  • C. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
  • D. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.

Answer: C


NEW QUESTION 32
A system administrator has created the following "array" as an access control for an organisation.
Developers: create files, update files.
Reviewers: upload files, update files.
Administrators: upload files, delete files, update files.
What type of access-control has just been created?

  • A. Task based access control.
  • B. Mandatory access control.
  • C. Rule based access control.
  • D. Role based access control.

Answer: C


NEW QUESTION 33
In business continuity, what is a battle box?

  • A. An armoured box that holds all an organisation's backup databases.
  • B. A list of names and addresses of staff to be utilised should industrial action prevent access to a building.
    http://www.battlebox.biz/why.asp
  • C. A portable container that holds items and information useful in the event of an organisational disaster.
  • D. A collection of tools and protective equipment to be used in the event of civil disturbance.

Answer: C


NEW QUESTION 34
Which of the following is an asymmetric encryption algorithm?

  • A. AES.
  • B. DES.
  • C. RSA.
    https://www.omnisecu.com/security/public-key-infrastructure/asymmetric-encryption-algorithms.php
  • D. ATM.

Answer: C


NEW QUESTION 35
What is the root cause as to why SMS messages are open to attackers and abuse?

  • A. SMS technology was never intended to be used to transmit high risk content such as One-time payment codes.
  • B. The store and forward nature of SMS means it is considered a 'fire and forget service'.
  • C. There are only two mobile phone platforms - Android and iOS - reducing the number of target environments.
  • D. The vast majority of mobile phones globally support the SMS protocol inexpensively.

Answer: A


NEW QUESTION 36
......
