Latest [Dec 14, 2021] BCS CISMP-V9 Real Exam Dumps PDF [Q32-Q52]

CISMP-V9 Practice Test Questions (Updated: 102 Questions)

NEW QUESTION 32
In order to better improve the security culture within an organisation with a top-down approach, which of the following actions at board level is the MOST effective?

  • A. Adopting an organisation-wide "clear desk" policy.
  • B. Developing a security awareness e-learning course.
  • C. Purchasing all senior executives personal firewalls.
  • D. Appointment of a Chief Information Security Officer (CISO).

Answer: D

NEW QUESTION 33
In business continuity, what is a battle box?

  • A. An armoured box that holds all an organisation's backup databases.
  • B. A portable container that holds items and information useful in the event of an organisational disaster.
  • C. A list of names and addresses of staff to be utilised should industrial action prevent access to a building.
  • D. A collection of tools and protective equipment to be used in the event of civil disturbance.

Answer: B

NEW QUESTION 34
What is the root cause as to why SMS messages are open to attackers and abuse?

  • A. The vast majority of mobile phones globally support the SMS protocol inexpensively.
  • B. There are only two mobile phone platforms - Android and iOS - reducing the number of target environments.
  • C. The store and forward nature of SMS means it is considered a 'fire and forget service'.
  • D. SMS technology was never intended to be used to transmit high-risk content such as one-time payment codes.

Answer: D

NEW QUESTION 35
Which security concept provides redundancy in the event of a security control failure or the exploitation of a vulnerability?

  • A. Intrusion Prevention System.
  • B. Sandboxing.
  • C. System Integrity.
  • D. Defence in depth.

Answer: D

NEW QUESTION 36
What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them into taking an unwanted action such as a misdirected high-value payment?

  • A. C-suite spamming.
  • B. Spear-phishing.
  • C. Whaling.
  • D. Trawling.

Answer: B

NEW QUESTION 37
What advantage does the delivery of online security training material have over the distribution of printed media?

  • A. Printed material is a 'discoverable record' and could expose the organisation to litigation in the event of an incident.
  • B. Updating online material requires a single edit. Printed material needs to be distributed physically.
  • C. Online material is protected by international digital copyright legislation across most territories.
  • D. Online training material is intrinsically more accurate than printed material.

Answer: D

NEW QUESTION 38
Which standards framework offers a set of IT Service Management best practices to assist organisations in aligning IT service delivery with business goals - including security goals?

  • A. ITIL.
  • B. ISAGA.
  • C. SABSA.
  • D. COBIT.

Answer: A

NEW QUESTION 39
Which of the following cloud delivery models is NOT intrinsically "trusted" in terms of security by clients using the service?

  • A. Public.
  • B. Hybrid.
  • C. Private.
  • D. Community.

Answer: D

NEW QUESTION 40
Which of the following describes a qualitative risk assessment approach?

  • A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
  • B. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
  • C. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.
  • D. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.

Answer: B

NEW QUESTION 41
Which of the following international standards deals with the retention of records?

  • A. ISO/IEC 27002.
  • B. ISO 15489.
  • C. PCI DSS.
  • D. RFC1918.

Answer: B

NEW QUESTION 42
In a security governance framework, which of the following publications would be at the HIGHEST level?

  • A. Policy.
  • B. Standards.
  • C. Procedures.
  • D. Guidelines.

Answer: C

NEW QUESTION 43
How might the effectiveness of a security awareness program be measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.

  • A. 2, 4 and 5.
  • B. 3, 4 and 5.
  • C. 1, 2 and 5.
  • D. 1, 2 and 3.

Answer: D

NEW QUESTION 44
How does the use of a "single sign-on" access control policy improve the security for an organisation implementing the policy?

  • A. Helps prevent the likelihood of users writing down passwords.
  • B. Decreases the complexity of passwords users have to remember.
  • C. Access control logs are centrally located.
  • D. Password is better encrypted for system authentication.

Answer: C

NEW QUESTION 45
Which of the following is LEAST LIKELY to be the result of a global pandemic impacting on information security?

  • A. A large increase in remote workers operating in insecure premises.
  • B. Increased demand on service desks as users need additional tools such as VPNs.
  • C. Additional physical security requirements at data centres and corporate headquarters.
  • D. An upsurge in activity by attackers seeking vulnerabilities caused by operational changes.

Answer: B

NEW QUESTION 46
Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

  • A. CPD is a prerequisite of any Chartered Institution qualification.
  • B. Information Security changes constantly and at speed.
  • C. Professional qualification bodies demand CPD.
  • D. IT certifications require CPD and Security needs to remain credible.

Answer: B

NEW QUESTION 47
Which of the following types of organisation could be considered the MOST at risk from the theft of electronic credit card data?

  • A. Agricultural producer.
  • B. Traditional market trader.
  • C. Online retailer.
  • D. Mail delivery business.

Answer: C

NEW QUESTION 48
When considering outsourcing the processing of data, which two legal "duty of care" considerations SHOULD the original data owner make?
1. Third party is competent to process the data securely.
2. Third party observes the same high standards as the data owner.
3. Third party processes the data wherever the data can be transferred.
4. Third party archives the data for its own long-term usage.

  • A. 1 and 2.
  • B. 2 and 3.
  • C. 1 and 4.
  • D. 3 and 4.

Answer: C

NEW QUESTION 49
One traditional use of a SIEM appliance is to monitor for exceptions received via syslog.
What system from the following does NOT natively support syslog events?

  • A. Linux Web Server Appliances.
  • B. Windows Desktop Systems.
  • C. Enterprise Stateful Firewall.
  • D. Enterprise Wireless Access Point.

Answer: A

NEW QUESTION 50
Why might the reporting of security incidents that involve personal data differ from other types of security incident?

  • A. Personal data is not highly transient, so its investigation rarely involves the preservation of volatile memory and full forensic digital investigation.
  • B. Personal data is normally handled on both IT and non-IT systems so such incidents need to be managed in two streams.
  • C. Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation.
  • D. Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.

Answer: C

NEW QUESTION 51
Geoff wants to ensure the application of consistent security settings to devices used throughout his organisation whether as part of a mobile computing or a BYOD approach.
What technology would be MOST beneficial to his organisation?

  • A. VPN.
  • B. MDM.
  • C. IDS.
  • D. SIEM.

Answer: B

NEW QUESTION 52
......
