
[2021] Use Real BCS Dumps - 100% Free CISMP-V9 Exam Dumps
Realistic CISMP-V9 Dumps Latest BCS Practice Tests Dumps
NEW QUESTION 37
Which of the following is NOT considered to be a form of computer misuse?
- A. Illegal access to computer systems.
- B. Illegal interception of information.
- C. Illegal retention of personal data.
- D. Downloading of pirated software.
Answer: C
NEW QUESTION 38
What aspect of an employee's contract of employment is designed to prevent the unauthorised release of confidential data to third parties even after an employee has left their employment?
- A. Segregation of Duties.
- B. Acceptable use policy.
- C. Security clearance.
- D. Non-disclosure.
Answer: D
NEW QUESTION 39
Which of the following describes a qualitative risk assessment approach?
- A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
- B. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.
- C. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
- D. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.
Answer: C
NEW QUESTION 40
Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?
- A. Vulnerability assessment
- B. Strong OS patch management
- C. Signature-based intrusion detection.
- D. Anomaly based intrusion detection.
https://www.sciencedirect.com/topics/computer-science/zero-day-attack
Answer: A
NEW QUESTION 41
What physical security control would be used to broadcast false emanations to mask the presence of true electromagnetic emanations from genuine computing equipment?
- A. White noise generation.
- B. Unshielded cabling.
- C. Faraday cage.
- D. Copper infused windows.
Answer: B
NEW QUESTION 42
For which security-related reason SHOULD staff monitoring critical CCTV systems be rotated regularly during each work session?
- A. The human attention span during intense monitoring sessions is about 20 minutes.
- B. To give experience to monitoring staff across a range of activities for training purposes.
- C. Health and Safety regulations demand that staff are rotated to prevent posture and vision related harm.
- D. To reduce the chance of collusion between security staff and those being monitored.
Answer: A
NEW QUESTION 43
Which of the following uses are NOT usual ways that attackers have of leveraging botnets?
- A. Conducting DDoS attacks.
- B. Generating and distributing spam messages.
- C. Undertaking vishing attacks.
- D. Scanning for system & application vulnerabilities.
Answer: C
NEW QUESTION 44
Which term is used to describe the set of processes that analyses code to ensure defined coding practices are being followed?
- A. Source code analysis.
- B. Quality Assurance and Control.
- C. Dynamic verification.
- D. Static verification.
Answer: A
NEW QUESTION 45
In software engineering, what does "Security by Design" mean?
- A. All security software artefacts are subject to a code-checking regime.
- B. All code meets the technical requirements of GDPR.
- C. The software has been designed from its inception to be secure.
https://en.wikipedia.org/wiki/Secure_by_design
- D. Low Level and High Level Security Designs are restricted in distribution.
Answer: C
NEW QUESTION 46
When securing a wireless network, which of the following is NOT best practice?
- A. Turning on SSID broadcasts to advertise security levels.
- B. Using WPA encryption on the wireless network.
- C. Dedicating an access point on a dedicated VLAN connected to a firewall.
- D. Using MAC filtering on a SOHO network with a small group of clients.
Answer: C
NEW QUESTION 47
In a security governance framework, which of the following publications would be at the HIGHEST level?
- A. Policy.
- B. Guidelines.
- C. Standards.
- D. Procedures.
Answer: D
NEW QUESTION 48
What is the PRIMARY security concern associated with the practice known as Bring Your Own Device (BYOD) that might affect a large organisation?
- A. The organisation has significantly less control over the device than over a corporately provided and managed device.
- B. Under GDPR it is illegal for an individual to use a personal device when handling personal information under corporate control.
- C. Most BYOD involves the use of non-Windows hardware which is intrinsically insecure and open to abuse.
- D. Privately owned end user devices are not provided with the same volume nor frequency of security patch updates as a corporation.
Answer: C
NEW QUESTION 49
Which of the following is LEAST LIKELY to be the result of a global pandemic impacting on information security?
- A. An upsurge in activity by attackers seeking vulnerabilities caused by operational changes.
- B. A large increase in remote workers operating in insecure premises.
- C. Additional physical security requirements at data centres and corporate headquarters.
- D. Increased demand on service desks as users need additional tools such as VPNs.
Answer: D
NEW QUESTION 50
Which of the following types of organisation could be considered the MOST at risk from the theft of electronic based credit card data?
- A. Agricultural producer.
- B. Mail delivery business.
- C. Online retailer.
- D. Traditional market trader.
Answer: C
NEW QUESTION 51
When considering outsourcing the processing of data, which two legal "duty of care" considerations SHOULD the original data owner make?
1. Third party is competent to process the data securely.
2. Observes the same high standards as data owner.
3. Processes the data wherever the data can be transferred.
4. Archive the data for long term third party's own usage.
- A. 1 and 4.
- B. 2 and 3.
- C. 1 and 2.
- D. 3 and 4.
Answer: A
NEW QUESTION 52
By what means SHOULD a cloud service provider prevent one client accessing data belonging to another in a shared server environment?
- A. By increasing deterrent controls through warning messages.
- B. By using a hypervisor in all shared servers.
- C. By ensuring appropriate data isolation and logical storage segregation.
- D. By employing intrusion detection systems in VMs.
Answer: D
NEW QUESTION 53
In business continuity, what is a battle box?
- A. An armoured box that holds all an organisation's backup databases.
- B. A list of names and addresses of staff to be utilised should industrial action prevent access to a building.
- C. A portable container that holds items and information useful in the event of an organisational disaster.
http://www.battlebox.biz/why.asp
- D. A collection of tools and protective equipment to be used in the event of civil disturbance.
Answer: C
NEW QUESTION 54
In order to better improve the security culture within an organisation with a top down approach, which of the following actions at board level is the MOST effective?
- A. Appointment of a Chief Information Security Officer (CISO).
- B. Adopting an organisation wide "clear desk" policy.
- C. Developing a security awareness e-learning course.
- D. Purchasing all senior executives personal firewalls.
Answer: A
NEW QUESTION 55
What does a penetration test do that a Vulnerability Scan does NOT?
- A. A penetration test looks for known vulnerabilities and reports them without further action.
- B. A penetration test is always an automated process - a vulnerability scan never is.
- C. A penetration test never uses common tools such as Nmap, Nessus and Metasploit.
- D. A penetration test seeks to actively exploit any known or discovered vulnerabilities.
Answer: A
NEW QUESTION 56
In order to maintain the currency of risk countermeasures, how often SHOULD an organisation review these risks?
- A. Risks remain under constant review.
- B. A maximum of once every other month.
- C. When the next risk audit is due.
- D. Once defined, they do not need reviewing.
Answer: A
NEW QUESTION 57
Which of the following is NOT a valid statement to include in an organisation's security policy?
- A. The policy has been agreed and amended to suit all third party contractors.
- B. How the organisation will manage information assurance.
- C. The policy has the support of Board and the Chief Executive.
- D. The compliance with legal and regulatory obligations.
Answer: B
NEW QUESTION 58
What are the different methods that can be used as access controls?
1. Detective.
2. Physical.
3. Reactive.
4. Virtual.
5. Preventive.
- A. 1, 2 and 4.
- B. 1, 2 and 5.
- C. 3, 4 and 5.
- D. 1, 2 and 3.
Answer: B