[Nov 16, 2021] VCEPrep CISMP-V9 dumps & Information security and CCP scheme certifications sure practice dumps [Q38-Q57]


BCS CISMP-V9 Actual Questions and Braindumps

NEW QUESTION 38
Which security framework impacts on organisations that accept credit cards, process credit card transactions, store relevant data or transmit credit card data?

  • A. ENISA NIS.
  • B. PCI DSS.
  • C. TOGAF.
  • D. Sarbanes-Oxley.
    https://digitalguardian.com/blog/what-pci-compliance

Answer: B

 

NEW QUESTION 39
Which of the following is an accepted strategic option for dealing with risk?

  • A. Detection.
  • B. Correction.
  • C. Acceptance
  • D. Forbearance.

Answer: C

 

NEW QUESTION 40
Which type of facility is enabled by a contract with an alternative data processing facility which will provide HVAC, power and communications infrastructure as well computing hardware and a duplication of organisations existing "live" data?

  • A. Warm site.
  • B. Spare site
  • C. Cold site.
  • D. Hot site.

Answer: D

 

NEW QUESTION 41
What form of training SHOULD developers be undertaking to understand the security of the code they have written and how it can improve security defence whilst being attacked?

  • A. Red Team Training.
  • B. Black Hat Training.
  • C. Blue Team Training.
  • D. Awareness Training.

Answer: C

 

NEW QUESTION 42
Which cryptographic protocol preceded Transport Layer Security (TLS)?

  • A. Simple Network Management Protocol (SNMP).
  • B. Hypertext Transfer Protocol Secure (HTTPS)
  • C. Secure Sockets Layer (SSL).
  • D. Public Key Infrastructure (PKI).

Answer: C

 

NEW QUESTION 43
Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

  • A. CPD is a prerequisite of any Chartered Institution qualification.
  • B. Information Security changes constantly and at speed.
  • C. Professional qualification bodies demand CPD.
  • D. IT certifications require CPD and Security needs to remain credible.

Answer: B

 

NEW QUESTION 44
When a digital forensics investigator is conducting an investigation and handling the original data, what KEY principle must they adhere to?

  • A. Ensure they are being observed by a senior investigator in all actions.
  • B. Ensure they do not handle the evidence as that must be done by law enforcement officers.
  • C. Ensure the data has been adjusted to meet the investigation requirements.
  • D. Ensure they are competent to be able to do so and be able to justify their actions.

Answer: D

 

NEW QUESTION 45
What Is the PRIMARY security concern associated with the practice known as Bring Your Own Device (BYOD) that might affect a large organisation?

  • A. Privately owned end user devices are not provided with the same volume nor frequency of security patch updates as a corporation.
  • B. The organisation has significantly less control over the device than over a corporately provided and managed device.
  • C. Under GDPR it is illegal for an individual to use a personal device when handling personal information under corporate control.
  • D. Most BYOD involves the use of non-Windows hardware which is intrinsically insecure and open to abuse.

Answer: B

 

NEW QUESTION 46
How does network visualisation assist in managing information security?

  • A. Visualisation offers unstructured data that records the entirety of the data in a flat, filterable file format.
  • B. Visualisation software operates in a way that is rare, and is thereby less prone to malware infection.
  • C. Visualisation provides structured tables and lists that can be analysed using common tools such as MS Excel.
  • D. Visualisation can communicate large amounts of data in a manner that is a relatively simple way for people to analyse and interpret.

Answer: D

 

NEW QUESTION 47
When an organisation decides to operate on the public cloud, what does it lose?

  • A. Control over Intellectual Property Rights relating to its applications.
  • B. The right to audit and monitor access to its information.
  • C. Physical access to the servers hosting its information.
  • D. The ability to determine in which geographies the information is stored.

Answer: C

 

NEW QUESTION 48
Which of the following is LEAST LIKELY to be the result of a global pandemic impacting on information security?

  • A. A large increase in remote workers operating in insecure premises.
  • B. Increased demand on service desks as users need additional tools such as VPNs.
  • C. Additional physical security requirements at data centres and corporate headquarters.
  • D. An upsurge in activity by attackers seeking vulnerabilities caused by operational changes.

Answer: C

 

NEW QUESTION 49
What term refers to the shared set of values within an organisation that determine how people are expected to behave in regard to information security?

  • A. Security Policy Framework.
  • B. Security Culture.
    https://www.cpni.gov.uk/developing-security-culture#:~:text=Developing%20a%20Security%20Culture,-What%20type%20of&text=Security%20culture%20refers%20to%20the,think%20about%20and%20approach%20security.&text=Employees%20are%20more%20likley%20to%20think%20and%20act%20in%20a%20security%20conscious%20manner
  • C. Code of Ethics.
  • D. System Operating Procedures.

Answer: B

 

NEW QUESTION 50
When handling and investigating digital evidence to be used in a criminal cybercrime investigation, which of the following principles is considered BEST practice?

  • A. Digital evidence must not be altered unless absolutely necessary.
  • B. Digital evidence can only be handled by a member of law enforcement.
  • C. Acquiring digital evidence can only be carried out on digital devices which have been turned off.
  • D. Digital devices must be forensically "clean" before investigation.

Answer: A

 

NEW QUESTION 51
What type of attack could directly affect the confidentiality of an unencrypted VoIP network?

  • A. Ransomware.
  • B. Vishing Attack
  • C. Packet Sniffing.
  • D. Brute Force Attack.

Answer: C

 

NEW QUESTION 52
What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them into taking an unwanted action such as a misdirected high-value payment?

  • A. C-suite spamming.
  • B. Spear-phishing.
  • C. Whaling.
  • D. Trawling.

Answer: C

 

NEW QUESTION 53
What type of attack attempts to exploit the trust relationship between a user client based browser and server based websites forcing the submission of an authenticated request to a third party site?

  • A. Parameter Tampering
  • B. SQL Injection.
  • C. XSS.
  • D. CSRF.

Answer: D
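The trust relationship in question 53 is the browser's habit of attaching the session cookie to every request bound for a site, whichever page triggered the request. The following is an added example, not part of the original question set: a toy server model in Python (names such as `TransferApp`, `https://bank.example` and `https://evil.example` are assumptions) in which a forged cross-site form succeeds against an endpoint that trusts the cookie alone, and fails against the same endpoint once it also requires a per-session CSRF token and checks the `Origin` header.

```python
import hmac
import secrets

BANK_ORIGIN = "https://bank.example"   # assumed origin of the legitimate site


class TransferApp:
    """Toy model of a server endpoint that moves money for the logged-in user.
    Sessions are keyed by a cookie value, which the browser attaches to every
    request bound for the bank, whichever page caused that request."""

    def __init__(self):
        self.sessions = {}                  # cookie value -> {"user": ..., "csrf": ...}
        self.balances = {"victim": 1000}    # constructed sample data

    def login(self, user):
        cookie = secrets.token_hex(16)
        # One unguessable token per session, embedded only in the bank's own forms.
        self.sessions[cookie] = {"user": user, "csrf": secrets.token_hex(16)}
        return cookie

    def csrf_token_for(self, cookie):
        return self.sessions[cookie]["csrf"]

    def transfer_vulnerable(self, cookie, form):
        """Authenticates on the cookie alone, so a forged cross-site POST succeeds."""
        session = self.sessions.get(cookie)
        if session is None:
            return 401
        self.balances[session["user"]] -= int(form["amount"])
        return 200

    def transfer_protected(self, cookie, form, origin):
        """Same endpoint with two independent checks: the form must carry the
        session's CSRF token, and the Origin header (when the browser sends one)
        must match the bank's own origin."""
        session = self.sessions.get(cookie)
        if session is None:
            return 401
        token = form.get("csrf_token", "")
        if not hmac.compare_digest(token, session["csrf"]):
            return 403          # a third-party page cannot read the token
        if origin is not None and origin != BANK_ORIGIN:
            return 403          # request was initiated by another site
        self.balances[session["user"]] -= int(form["amount"])
        return 200


def run_scenario():
    """Victim logs in, then visits https://evil.example, whose page auto-submits
    a transfer form to the bank. The browser attaches the victim's cookie to that
    request; the attacker controls the form fields but not the CSRF token."""
    app = TransferApp()
    cookie = app.login("victim")
    forged = {"to": "attacker", "amount": "500"}

    vuln_status = app.transfer_vulnerable(cookie, forged)
    prot_status = app.transfer_protected(cookie, forged, "https://evil.example")

    # A genuine submission from the bank's own page carries the token.
    legit = {"to": "landlord", "amount": "100",
             "csrf_token": app.csrf_token_for(cookie)}
    legit_status = app.transfer_protected(cookie, legit, BANK_ORIGIN)

    return {
        "vulnerable_forged": vuln_status,           # 200: money moved
        "protected_forged": prot_status,            # 403: rejected
        "protected_legit": legit_status,            # 200
        "victim_balance": app.balances["victim"],   # 1000 - 500 - 100 = 400
    }


if __name__ == "__main__":
    print(run_scenario())
```

The token check is the primary defence; the `Origin` comparison is a cheap second layer, written so that a missing header (older clients, some non-browser callers) does not by itself block the request.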

 

NEW QUESTION 54
What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

  • A. Insecure Deserialisation.
  • B. Injection Flaws.
  • C. Poor Password Management.
  • D. Security Misconfiguration

Answer: B

 

NEW QUESTION 55
Select the document that is MOST LIKELY to contain direction covering the security and utilisation of all an organisation's information and IT equipment, as well as email, internet and telephony.

  • A. Business Continuity Plan.
  • B. Cryptographic Statement.
  • C. Acceptable Usage Policy.
  • D. Security Policy Framework.

Answer: C

 

NEW QUESTION 56
How might the effectiveness of a security awareness program be effectively measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.

  • A. 2, 4 and 5.
  • B. 3, 4 and 5.
  • C. 1, 2 and 5.
  • D. 1, 2 and 3.

Answer: C

 

NEW QUESTION 57
......
