BCS CISMP-V9 Dumps Updated [Jul-2021] Get 100% Real Exam Questions! [Q42-Q61]

Share

[Jul-2021] Pass BCS CISMP-V9 Exam in First Attempt Guaranteed!

Full CISMP-V9 Practice Test and 102 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 42
Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?

  • A. Signature-based intrusion detection.
  • B. Anomaly based intrusion detection.
    https://www.sciencedirect.com/topics/computer-science/zero-day-attack
  • C. Strong OS patch management
  • D. Vulnerability assessment

Answer: D

 

NEW QUESTION 43
A system administrator has created the following "array" as an access control for an organisation.
Developers: create files, update files.
Reviewers: upload files, update files.
Administrators: upload files, delete fifes, update files.
What type of access-control has just been created?

  • A. Task based access control.
  • B. Rule based access control.
  • C. Mandatory access control.
  • D. Role based access control.

Answer: B

 

NEW QUESTION 44
In a security governance framework, which of the following publications would be at the HIGHEST level?

  • A. Guidelines
  • B. Standards
  • C. Policy.
  • D. Procedures.

Answer: D

 

NEW QUESTION 45
Why is it prudent for Third Parties to be contracted to meet specific security standards?

  • A. It is a legal requirement for Third Party support companies to meet client security standards.
  • B. Vulnerabilities in Third Party networks can be malevolently leveraged to gain illicit access into client environments.
  • C. Third Parties cannot connect to other sites and networks without a contract of similar legal agreement.
  • D. All access to corporate systems must be controlled via a single set of rules if they are to be enforceable.

Answer: D

 

NEW QUESTION 46
One traditional use of a SIEM appliance is to monitor for exceptions received via syslog.
What system from the following does NOT natively support syslog events?

  • A. Enterprise Stateful Firewall.
  • B. Linux Web Server Appliances.
  • C. Windows Desktop Systems.
  • D. Enterprise Wireless Access Point.

Answer: B

 

NEW QUESTION 47
As well as being permitted to access, create, modify and delete information, what right does an Information Owner NORMALLY have in regard to their information?

  • A. To access information held in the same format and file structure.
  • B. To modify associated information that may lead to inappropriate disclosure.
  • C. To assign access privileges to others.
  • D. To delete all indexed data in the dataset.

Answer: B

 

NEW QUESTION 48
Which types of organisations are likely to be the target of DDoS attacks?

  • A. Any organisation with an online presence.
  • B. Any financial sector organisations.
  • C. Cloud service providers.
  • D. Online retail based organisations.

Answer: A

 

NEW QUESTION 49
Which standard deals with the implementation of business continuity?

  • A. COBIT
  • B. BS5750.
  • C. IS0223G1.
  • D. ISO/IEC 27001

Answer: D

 

NEW QUESTION 50
What does a penetration test do that a Vulnerability Scan does NOT?

  • A. A penetration test looks for known vulnerabilities and reports them without further action.
  • B. A penetration test never uses common tools such as Nrnap, Nessus and Metasploit.
  • C. A penetration test is always an automated process - a vulnerability scan never is.
  • D. A penetration test seeks to actively exploit any known or discovered vulnerabilities.

Answer: A

 

NEW QUESTION 51
How does network visualisation assist in managing information security?

  • A. Visualisation can communicate large amounts of data in a manner that is a relatively simple way for people to analyse and interpret.
  • B. Visualisation provides structured tables and lists that can be analysed using common tools such as MS Excel.
  • C. Visualisation offers unstructured data that records the entirety of the data in a flat, filterable ftle format.
  • D. Visualisation software operates in a way that is rarely and thereby it is less prone to malware infection.

Answer: D

 

NEW QUESTION 52
Which of the following is considered to be the GREATEST risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions?

  • A. Use of cloud based systems to collect loT data.
  • B. Use of proprietary networking protocols between nodes.
  • C. Use of 'cheap" microcontroller based sensors.
  • D. Much larger attack surface than traditional IT systems.

Answer: A

 

NEW QUESTION 53
Which of the following uses are NOT usual ways that attackers have of leveraging botnets?

  • A. Scanning for system & application vulnerabilities.
  • B. Undertaking vishing attacks
  • C. Conducting DDOS attacks.
  • D. Generating and distributing spam messages.

Answer: B

 

NEW QUESTION 54
What form of attack against an employee has the MOST impact on their compliance with the organisation's "code of conduct"?

  • A. Brute Force Attack.
  • B. Ransomware.
  • C. Denial of Service.
  • D. Social Engineering.

Answer: C

 

NEW QUESTION 55
Which type of facility is enabled by a contract with an alternative data processing facility which will provide HVAC, power and communications infrastructure as well computing hardware and a duplication of organisations existing "live" data?

  • A. Cold site.
  • B. Hot site.
  • C. Spare site
  • D. Warm site.

Answer: A

 

NEW QUESTION 56
Which three of the following characteristics form the AAA Triad in Information Security?
1. Authentication
2. Availability
3. Accounting
4. Asymmetry
5. Authorisation

  • A. 2, 4, and 5.
  • B. 1, 2 and 3.
  • C. 1, 3 and 5.
  • D. 1, 3 and 4.

Answer: C

 

NEW QUESTION 57
Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

  • A. IT certifications require CPD and Security needs to remain credible.
  • B. CPD is a prerequisite of any Chartered Institution qualification.
  • C. Professional qualification bodies demand CPD.
  • D. Information Security changes constantly and at speed.

Answer: D

 

NEW QUESTION 58
When a digital forensics investigator is conducting art investigation and handling the original data, what KEY principle must they adhere to?

  • A. Ensure they do not handle the evidence as that must be done by law enforcement officers.
  • B. Ensure the data has been adjusted to meet the investigation requirements.
  • C. Ensure they are being observed by a senior investigator in all actions.
  • D. Ensure they are competent to be able to do so and be able to justify their actions.

Answer: D

 

NEW QUESTION 59
By what means SHOULD a cloud service provider prevent one client accessing data belonging to another in a shared server environment?

  • A. By using a hypervisor in all shared severs.
  • B. By ensuring appropriate data isolation and logical storage segregation.
  • C. By increasing deterrent controls through warning messages.
  • D. By employing intrusion detection systems in a VMs.

Answer: D

 

NEW QUESTION 60
Once data has been created In a standard information lifecycle, what step TYPICALLY happens next?

  • A. Data Archiving.
  • B. Data Publication
  • C. Data Deletion.
  • D. Data Storage.

Answer: C

 

NEW QUESTION 61
......

Prepare for your BCS certification with the updated PDFTorrent CISMP-V9 exam questions: https://drive.google.com/open?id=1jYpTqCZoh6j5DVoWtorrikD9I_Qw08CC

Get Latest CISMP-V9 Dumps Exam Questions in here: https://www.pdftorrent.com/CISMP-V9-exam-prep-dumps.html