CISMP-V9 PDF Dumps Dec 22, 2021 Exam Questions – Valid CISMP-V9 Dumps [Q47-Q68]


NEW QUESTION 47
What form of attack against an employee has the MOST impact on their compliance with the organisation's "code of conduct"?

  • A. Brute Force Attack.
  • B. Denial of Service.
  • C. Social Engineering.
  • D. Ransomware.

Answer: B

 

NEW QUESTION 48
What physical security control would be used to broadcast false emanations to mask the presence of true electromagnetic emanations from genuine computing equipment?

  • A. White noise generation.
  • B. Unshielded cabling.
  • C. Faraday cage.
  • D. Copper infused windows.

Answer: B

 

NEW QUESTION 49
In order to maintain the currency of risk countermeasures, how often SHOULD an organisation review these risks?

  • A. Risks remain under constant review.
  • B. A maximum of once every other month.
  • C. When the next risk audit is due.
  • D. Once defined, they do not need reviewing.

Answer: A

 

NEW QUESTION 50
What are the different methods that can be used as access controls?
1. Detective.
2. Physical.
3. Reactive.
4. Virtual.
5. Preventive.

  • A. 1, 2 and 4.
  • B. 1, 2 and 5.
  • C. 3, 4 and 5.
  • D. 1, 2 and 3.

Answer: B

 

NEW QUESTION 51
Which algorithm is a current specification for the encryption of electronic data established by NIST?

  • A. RSA.
  • B. DES.
  • C. PGP.
  • D. AES.

Reference: https://www.nist.gov/publications/advanced-encryption-standard-aes

Answer: D

 

NEW QUESTION 52
In terms of security culture, what needs to be carried out as an integral part of security by all members of an organisation and is an essential component to any security regime?

  • A. Access denial measures.
  • B. Appropriate behaviours.
  • C. The 'need to know' principle.
  • D. Verification of visitors' ID.

Answer: A

 

NEW QUESTION 53
What is the first yet MOST simple and important action to take when setting up a new web server?

  • A. Change default system passwords.
  • B. Fully encrypt the hard disk.
  • C. Patch the OS to the latest version.
  • D. Apply hardening to all applications.

Answer: D

 

NEW QUESTION 54
Which of the following is considered to be the GREATEST risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions?

  • A. Use of cloud based systems to collect IoT data.
  • B. Use of proprietary networking protocols between nodes.
  • C. Much larger attack surface than traditional IT systems.
  • D. Use of 'cheap' microcontroller based sensors.

Answer: A

 

NEW QUESTION 55
Which of the following is an asymmetric encryption algorithm?

  • A. AES.
  • B. DES.
  • C. RSA.
  • D. ATM.

Reference: https://www.omnisecu.com/security/public-key-infrastructure/asymmetric-encryption-algorithms.php

Answer: C

 

NEW QUESTION 56
Why should a loading bay NEVER be used as a staff entrance?

  • A. Staff should always enter a facility via a dedicated entrance to ensure smooth access and egress.
  • B. Most countries have specific legislation covering loading bays and breaching this could impact on insurance status.
  • C. Loading bays are often dirty places, and staff could find their clothing damaged or made less appropriate for the office.
  • D. Loading bays are intrinsically vulnerable, so minimising the people traffic makes securing the areas easier and more effective.

Answer: A

 

NEW QUESTION 57
Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?

  • A. Vulnerability assessment.
  • B. Strong OS patch management.
  • C. Signature-based intrusion detection.
  • D. Anomaly based intrusion detection.

Reference: https://www.sciencedirect.com/topics/computer-science/zero-day-attack

Answer: A

 

NEW QUESTION 58
What advantage does the delivery of online security training material have over the distribution of printed media?

  • A. Online training material is intrinsically more accurate than printed material.
  • B. Printed material is a 'discoverable record' and could expose the organisation to litigation in the event of an incident.
  • C. Updating online material requires a single edit. Printed material needs to be distributed physically.
  • D. Online material is protected by international digital copyright legislation across most territories.

Answer: A

 

NEW QUESTION 59
Ensuring the correctness of data input to a system is an example of which facet of information security?

  • A. Authenticity.
  • B. Integrity.
  • C. Availability.
  • D. Confidentiality.

Answer: B

 

NEW QUESTION 60
What is the KEY purpose of appending security classification labels to information?

  • A. To provide guidance and instruction on implementing appropriate security controls to protect the information.
  • B. To comply with whatever mandatory security policy framework is in place within the geographical location in question.
  • C. To make sure the correct colour-coding system is used when the information is ready for archive.
  • D. To ensure that should the information be lost in transit, it can be returned to the originator using the correct protocols.

Answer: A

 

NEW QUESTION 61
Geoff wants to ensure the application of consistent security settings to devices used throughout his organisation whether as part of a mobile computing or a BYOD approach.
What technology would be MOST beneficial to his organisation?

  • A. MDM.
  • B. IDS.
  • C. SIEM.
  • D. VPN.

Answer: A

 

NEW QUESTION 62
What type of attack attempts to exploit the trust relationship between a user's client-side browser and server-based websites, forcing the submission of an authenticated request to a third-party site?

  • A. Parameter Tampering.
  • B. XSS.
  • C. CSRF.
  • D. SQL Injection.

Answer: C

 

NEW QUESTION 63
What term is used to describe the act of checking out a privileged account password in a manner that bypasses normal access control procedures during a critical emergency situation?

  • A. Break Glass.
  • B. Multi Factor Authentication.
  • C. Enterprise Security Management.
  • D. Privileged User Gateway.

Answer: B

 

NEW QUESTION 64
In order to improve the security culture within an organisation using a top-down approach, which of the following actions at board level is the MOST effective?

  • A. Appointment of a Chief Information Security Officer (CISO).
  • B. Adopting an organisation wide "clear desk" policy.
  • C. Developing a security awareness e-learning course.
  • D. Purchasing personal firewalls for all senior executives.

Answer: A

 

NEW QUESTION 65
Which type of facility is enabled by a contract with an alternative data processing facility which will provide HVAC, power and communications infrastructure, as well as computing hardware and a duplicate of the organisation's existing "live" data?

  • A. Hot site.
  • B. Cold site.
  • C. Spare site.
  • D. Warm site.

Answer: B

 

NEW QUESTION 66
How might the effectiveness of a security awareness program be measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.

  • A. 1, 2 and 5.
  • B. 1, 2 and 3.
  • C. 3, 4 and 5.
  • D. 2, 4 and 5.

Answer: B

 

NEW QUESTION 67
What type of attack could directly affect the confidentiality of an unencrypted VoIP network?

  • A. Packet Sniffing.
  • B. Brute Force Attack.
  • C. Vishing Attack.
  • D. Ransomware.

Answer: B

 

NEW QUESTION 68
......
