Online CISMP-V9 Exam Dumps Help You Build Confidence

Practicing with Information security and CCP scheme certifications CISMP-V9 exam dumps questions can help you build confidence and reduce exam anxiety. By familiarizing yourself with the types of questions you can expect to see on the CISMP-V9 BCS Foundation Certificate in Information Security Management Principles V9.0 exam and mastering the concepts and skills required to answer them, you can approach the exam with greater confidence and a sense of calm. Besides, CISMP-V9 dumps questions can help you achieve this level of knowledge and confidence. Study free BCS CISMP-V9 exam dumps below.

Page 1 of 4

1. What form of training SHOULD developers be undertaking to understand the security of the code they have written and how it can improve security defence whilst being attacked?

Red Team Training.

Blue Team Training.

Black Hat Training.

Awareness Training.

 Loading...

2. What type of attack attempts to exploit the trust relationship between a user client based browser and server based websites forcing the submission of an authenticated request to a third party site?

XS

Parameter Tampering

SQL Injection.

CSR

 Loading...

3. Which membership based organisation produces international standards, which cover good practice for information assurance?

BS

IET

OWAS

IS

 Loading...

4. Authorisation

1, 2 and 3.

2, 4, and 5.

1, 3 and 4.

1, 3 and 5.

 Loading...

5. One traditional use of a SIEM appliance is to monitor for exceptions received via syslog.

What system from the following does NOT natively support syslog events?

Enterprise Wireless Access Point.

Windows Desktop Systems.

Linux Web Server Appliances.

Enterprise Stateful Firewall.

 Loading...

6. Which security concept provides redundancy in the event a security control failure or the exploitation of a vulnerability?

System Integrity.

Sandboxing.

Intrusion Prevention System.

Defence in depth.

 Loading...

7. What Is the first yet MOST simple and important action to take when setting up a new web server?

Change default system passwords.

Fully encrypt the hard disk.

Apply hardening to all applications.

Patch the OS to the latest version

 Loading...

8. In business continuity, what is a battle box?

A portable container that holds Items and information useful in the event of an organisational disaster.

An armoured box that holds all an organisation's backup databases.

A collection of tools and protective equipment to be used in the event of civil disturbance.

A list of names and addresses of staff to be utilised should industrial action prevent access to a building.

 Loading...

9. In business continuity (BC) terms, what is the name of the individual responsible for recording all pertinent information associated with a BCexercise or real plan invocation?

Recorder.

Desk secretary.

Scribe.

Scrum Master.

 Loading...

10. How might the effectiveness of a security awareness program be effectively measured?

1) Employees are required to take an online multiple choice exam on security principles.

2) Employees are tested with social engineering techniques by an approved penetration tester.

3) Employees practice ethical hacking techniques on organisation systems.

4) No security vulnerabilities are reported during an audit.

5) Open source intelligence gathering is undertaken on staff social media profiles.

3, 4 and 5.

2, 4 and 5.

1, 2 and 3.

1, 2 and 5.

 Loading...

Page 2 of 4

11. A system administrator has created the following "array" as an access control for an organisation.

Developers: create files, update files.

Reviewers: upload files, update files.

Administrators: upload files, delete fifes, update files.

What type of access-control has just been created?

Task based access control.

Role based access control.

Rule based access control.

Mandatory access control.

 Loading...

12. Which standard deals with the implementation of business continuity?

ISO/IEC 27001

COBIT

IS0223G1.

BS5750.

 Loading...

13. James is working with a software programme that completely obfuscates the entire source code, often in the form of a binary executable making it difficult to inspect, manipulate or reverse engineer the original source code.

What type of software programme is this?

Free Source.

Proprietary Source.

Interpreted Source.

Open Source.

 Loading...

14. What Is the PRIMARY reason for organisations obtaining outsourced managed security services?

Managed security services permit organisations to absolve themselves of responsibility for security.

Managed security services are a de facto requirement for certification to core security standards such as ISG/IEC 27001

Managed security services provide access to specialist security tools and expertiseon a shared, cost-effective basis.

Managed security services are a powerful defence against litigation in the event of a security breach or incident

 Loading...

15. Why is it prudent for Third Parties to be contracted to meet specific security standards?

Vulnerabilities in Third Party networks can be malevolently leveraged to gain illicit access into client environments.

It is a legal requirement for Third Party support companies to meet client security standards.

All access to corporate systems must be controlled via a single set of rules if they are to be enforceable.

Third Parties cannot connect to other sites and networks without a contract of similar legal agreement.

 Loading...

16. Which term is used to describe the set of processes that analyses code to ensure defined coding practices are being followed?

Quality Assurance and Control

Dynamic verification.

Static verification.

Source code analysis.

 Loading...

17. What form of attack against an employee has the MOST impact on their compliance with the organisation's "code of conduct"?

Brute Force Attack.

Social Engineering.

Ransomware.

Denial of Service.

 Loading...

18. Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD)within the Information Securitysphere?

Professional qualification bodies demand CP

Information Security changes constantly and at speed.

IT certifications require CPD and Security needs to remain credible.

CPD is a prerequisite of any Chartered Institution qualification.

 Loading...

19. What type of attack could directly affect the confidentiality of an unencrypted VoIP network?

Packet Sniffing.

Brute Force Attack.

Ransomware.

Vishing Attack

 Loading...

20. Which of the following international standards deals with the retention of records?

PCI DS

RFC1918.

IS015489.

ISO/IEC 27002.

 Loading...

Page 3 of 4

21. What form of risk assessment is MOST LIKELY to provide objective support for a security Return on Investment case?

ISO/IEC 27001.

Qualitative.

CPN

Quantitative

 Loading...

22. In terms of security culture, what needs to be carried out as an integral part of security by all members of an organisation and is an essential component to any security regime?

The 'need to knownprinciple.

Verification of visitor's ID

Appropriate behaviours.

Access denial measures

 Loading...

23. Which cryptographic protocol preceded Transport Layer Security (TLS)?

Public Key Infrastructure (PKI).

Simple Network Management Protocol (SNMP).

Secure Sockets Layer (SSL).

Hypertext Transfer Protocol Secure (HTTPS)

 Loading...

24. In a virtualised cloud environment, what component is responsible for the secure separation between guest machines?

Guest Manager

Hypervisor.

Security Engine.

OS Kernal

 Loading...

25. Geoff wants to ensure the application of consistent security settings to devices used throughout his organisation whether as part of a mobile computing or a BYOD approach.

What technology would be MOST beneficial to his organisation?

VP

ID

MD

SIE

 Loading...

26. A security analyst has been asked to provide a triple A service (AAA) for both wireless and remote access network services in an organization and must avoid using proprietary solutions.

What technology SHOULD they adapt?

TACACS+

RADIU

Oauth.

MS Access Database.

 Loading...

27. What Is the KEY purpose of appending security classification labels to information?

To provide guidance and instruction on implementing appropriate security controls to protect the information.

To comply with whatever mandatory security policy framework is in place within the geographical location in question.

To ensure that should the information be lost in transit, it can be returned to the originator using the correct protocols.

To make sure the correct colour-coding system is used when the information is ready for archive.

 Loading...

28. What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

Poor Password Management.

Insecure Deserialsiation.

Injection Flaws.

Security Misconfiguration

 Loading...

29. What type of diagram used in application threat modeling includes malicious users as well as descriptions like mitigates and threatens?

Threat trees.

STRIDE charts.

Misuse case diagrams.

DREAD diagrams.

 Loading...

30. Which of the following is an accepted strategic option for dealing with risk?

Correction.

Detection.

Forbearance.

Acceptance

 Loading...

Page 4 of 4

31. Which standards framework offers a set of IT Service Management best practices to assist organisations in aligning IT service delivery with business goals - including security goals?

ITI

SABS

COBIT

ISAG

 Loading...

32. Which types of organisations are likely to be the target of DDoS attacks?

Cloud service providers.

Any financial sector organisations.

Online retail based organisations.

Any organisation with an online presence.

 Loading...

 Loading...