New 2022 CISMP-V9 Dumps for Information security and CCP scheme certifications Certified Exam Questions & Answer [Q33-Q52]


Realistic Verified CISMP-V9 exam dumps Q&As - CISMP-V9 Free Update


Prerequisites of BCS CISMP-V9 Certification Exam

The BCS CISMP-V9 certification exam serves two audiences: it is required for job roles in the information and information security area, and it is also required for higher-level information security positions that cover the entire cybersecurity spectrum.

The BCS CISMP-V9 certification exam is a professional-level, industry-recognised security certification. It is a global programme for information security professionals.

It is relevant to the whole spectrum of information security professionals, from Computer Network Administration (CNA) to Chief Information Security Officer (CISO). Therefore, many people are going to invest in the BCS CISMP-V9 certification exam.

 

NEW QUESTION 33
Which cryptographic protocol preceded Transport Layer Security (TLS)?

  • A. Secure Sockets Layer (SSL).
  • B. Public Key Infrastructure (PKI).
  • C. Simple Network Management Protocol (SNMP).
  • D. Hypertext Transfer Protocol Secure (HTTPS)

Answer: A

 

NEW QUESTION 34
Why might the reporting of security incidents that involve personal data differ from other types of security incident?

  • A. Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.
  • B. Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation
  • C. Personal data is not highly transient, so its investigation rarely involves the preservation of volatile memory and full forensic digital investigation.
  • D. Personal data is normally handled on both IT and non-IT systems so such incidents need to be managed in two streams.

Answer: B

 

NEW QUESTION 35
Which term describes a vulnerability that is unknown and therefore has no mitigating control which is immediately and generally available?

  • A. Trojan.
  • B. Stealthware.
  • C. Zero-day.
    https://en.wikipedia.org/wiki/Zero-day_(computing)
  • D. Advanced Persistent Threat.

Answer: C

 

NEW QUESTION 36
Which of the following is MOST LIKELY to be described as a consequential loss?

  • A. Service disruption.
  • B. Reputation damage.
  • C. Processing errors.
  • D. Monetary theft.

Answer: B

 

NEW QUESTION 37
When securing a wireless network, which of the following is NOT best practice?

  • A. Using WPA encryption on the wireless network.
  • B. Dedicating an access point on a dedicated VLAN connected to a firewall.
  • C. Using MAC filtering on a SOHO network with a small group of clients.
  • D. Turning on SSID broadcasts to advertise security levels.

Answer: B

 

NEW QUESTION 38
Which type of facility is enabled by a contract with an alternative data processing facility which will provide HVAC, power and communications infrastructure as well as computing hardware and a duplicate of the organisation's existing "live" data?

  • A. Hot site.
  • B. Spare site
  • C. Warm site.
  • D. Cold site.

Answer: D

 

NEW QUESTION 39
A security analyst has been asked to provide a triple A service (AAA) for both wireless and remote access network services in an organization and must avoid using proprietary solutions.
What technology SHOULD they adopt?

  • A. MS Access Database.
  • B. RADIUS.
  • C. TACACS+
  • D. OAuth.

Answer: D

 

NEW QUESTION 40
How does the use of a "single sign-on" access control policy improve the security for an organisation implementing the policy?

  • A. Decreases the complexity of passwords users have to remember.
  • B. Helps prevent the likelihood of users writing down passwords.
  • C. Access control logs are centrally located.
  • D. Password is better encrypted for system authentication.

Answer: C

 

NEW QUESTION 41
Which of the following types of organisation could be considered the MOST at risk from the theft of electronic based credit card data?

  • A. Traditional market trader.
  • B. Online retailer.
  • C. Agricultural producer.
  • D. Mail delivery business.

Answer: B

 

NEW QUESTION 42
What is the PRIMARY security concern associated with the practice known as Bring Your Own Device (BYOD) that might affect a large organisation?

  • A. Under GDPR it is illegal for an individual to use a personal device when handling personal information under corporate control.
  • B. The organisation has significantly less control over the device than over a corporately provided and managed device.
  • C. Privately owned end user devices are not provided with the same volume nor frequency of security patch updates as a corporation.
  • D. Most BYOD involves the use of non-Windows hardware which is intrinsically insecure and open to abuse.

Answer: D

 

NEW QUESTION 43
In software engineering, what does "Security by Design" mean?

  • A. Low Level and High Level Security Designs are restricted in distribution.
  • B. All security software artefacts are subject to a code-checking regime.
  • C. All code meets the technical requirements of GDPR.
    https://en.wikipedia.org/wiki/Secure_by_design
  • D. The software has been designed from its inception to be secure.

Answer: D

 

NEW QUESTION 44
What is the first, yet MOST simple and important, action to take when setting up a new web server?

  • A. Patch the OS to the latest version
  • B. Change default system passwords.
  • C. Apply hardening to all applications.
  • D. Fully encrypt the hard disk.

Answer: C

 

NEW QUESTION 45
In business continuity, what is a battle box?

  • A. A collection of tools and protective equipment to be used in the event of civil disturbance.
  • B. A list of names and addresses of staff to be utilised should industrial action prevent access to a building.
    http://www.battlebox.biz/why.asp
  • C. An armoured box that holds all an organisation's backup databases.
  • D. A portable container that holds items and information useful in the event of an organisational disaster.

Answer: D

 

NEW QUESTION 46
Which of the following is considered to be the GREATEST risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions?

  • A. Use of cloud based systems to collect IoT data.
  • B. Much larger attack surface than traditional IT systems.
  • C. Use of proprietary networking protocols between nodes.
  • D. Use of "cheap" microcontroller based sensors.

Answer: A

 

NEW QUESTION 47
Which of the following is NOT an information security specific vulnerability?

  • A. Use of HTTP based Apache web server.
  • B. Use of an unlocked filing cabinet.
  • C. Confidential data stored in a fire safe.
  • D. Unpatched Windows operating system.

Answer: A

 

NEW QUESTION 48
What term is used to describe the testing of a continuity plan through a written scenario being used as the basis for discussion and simulation?

  • A. Non-dynamic modeling
  • B. Fault stressing
  • C. End-to-end testing.
  • D. Desk-top exercise.

Answer: D

 

NEW QUESTION 49
When an organisation decides to operate on the public cloud, what does it lose?

  • A. Physical access to the servers hosting its information.
  • B. Control over Intellectual Property Rights relating to its applications.
  • C. The right to audit and monitor access to its information.
  • D. The ability to determine in which geographies the information is stored.

Answer: C

 

NEW QUESTION 50
A system administrator has created the following "array" as an access control for an organisation.
Developers: create files, update files.
Reviewers: upload files, update files.
Administrators: upload files, delete files, update files.
What type of access-control has just been created?

  • A. Rule based access control.
  • B. Task based access control.
  • C. Role based access control.
  • D. Mandatory access control.

Answer: A

 

NEW QUESTION 51
Select the document that is MOST LIKELY to contain direction covering the security and utilisation of all an organisation's information and IT equipment, as well as email, internet and telephony.

  • A. Business Continuity Plan.
  • B. Security Policy Framework.
  • C. Acceptable Usage Policy.
  • D. Cryptographic Statement.

Answer: D

 

NEW QUESTION 52
......

Use Real CISMP-V9 Dumps - 100% Free CISMP-V9 Exam Dumps: https://www.passleadervce.com/Information-security-and-CCP-scheme-certifications/reliable-CISMP-V9-exam-learning-guide.html

CISMP-V9 Exam Dumps, Test Engine Practice Test Questions: https://drive.google.com/open?id=13A2sFf9P1MEcgIUMXci_aqLmOvLJgAEe