
CISMP-V9 Questions and Answers

Question # 6

What type of attack could directly affect the confidentiality of an unencrypted VoIP network?

A. Packet Sniffing.
B. Brute Force Attack.
C. Ransomware.
D. Vishing Attack.

Question # 7

Which of the following testing methodologies TYPICALLY involves code analysis in an offline environment without ever actually executing the code?

A. Dynamic Testing.
B. Static Testing.
C. User Testing.
D. Penetration Testing.

Question # 8

Which types of organisations are likely to be the target of DDoS attacks?

A. Cloud service providers.
B. Any financial sector organisations.
C. Online retail based organisations.
D. Any organisation with an online presence.

Question # 9

In a virtualised cloud environment, what component is responsible for the secure separation between guest machines?

A. Guest Manager.
B. Hypervisor.
C. Security Engine.
D. OS Kernel.

Question # 10

Which of the following is NOT a valid statement to include in an organisation's security policy?

A. The policy has the support of the Board and the Chief Executive.
B. The policy has been agreed and amended to suit all third party contractors.
C. How the organisation will manage information assurance.
D. The compliance with legal and regulatory obligations.

Question # 11

What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them into taking an unwanted action such as a misdirected high-value payment?

A. Whaling.
B. Spear-phishing.
C. C-suite spamming.
D. Trawling.

Question # 12

When establishing objectives for physical security environments, which of the following functional controls SHOULD occur first?

A. Delay.
B. Drop.
C. Deter.
D. Deny.

Question # 13

Geoff wants to ensure the application of consistent security settings to devices used throughout his organisation, whether as part of a mobile computing or a BYOD approach.

What technology would be MOST beneficial to his organisation?

A. VPN.
B. IDS.
C. MDM.
D. SIEM.

Question # 14

Which of the following cloud delivery models is NOT intrinsically "trusted" in terms of security by clients using the service?

A. Public.
B. Private.
C. Hybrid.
D. Community.

Question # 15

In order to improve the security culture within an organisation with a top-down approach, which of the following actions at board level is the MOST effective?

A. Appointment of a Chief Information Security Officer (CISO).
B. Purchasing personal firewalls for all senior executives.
C. Adopting an organisation-wide "clear desk" policy.
D. Developing a security awareness e-learning course.

Question # 16

Why might the reporting of security incidents that involve personal data differ from other types of security incident?

A. Personal data is not highly transient, so its investigation rarely involves the preservation of volatile memory and full forensic digital investigation.
B. Personal data is normally handled on both IT and non-IT systems, so such incidents need to be managed in two streams.
C. Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.
D. Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation.

Question # 17

Which security framework impacts on organisations that accept credit cards, process credit card transactions, store relevant data or transmit credit card data?

A. PCI DSS.
B. TOGAF.
C. ENISA NIS.
D. Sarbanes-Oxley.

Question # 18

Which of the following describes a qualitative risk assessment approach?

A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
B. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.
C. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
D. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.

Question # 19

Which of the following is often the final stage in the information management lifecycle?

A. Disposal.
B. Creation.
C. Use.
D. Publication.

Question # 20

When considering outsourcing the processing of data, which two legal "duty of care" considerations SHOULD the original data owner make?

1. Third party is competent to process the data securely.
2. Observes the same high standards as the data owner.
3. Processes the data wherever the data can be transferred.
4. Archives the data for the third party's own long-term usage.

A. 2 and 3.
B. 3 and 4.
C. 1 and 4.
D. 1 and 2.

Question # 21

What advantage does the delivery of online security training material have over the distribution of printed media?

A. Updating online material requires a single edit. Printed material needs to be distributed physically.
B. Online training material is intrinsically more accurate than printed material.
C. Printed material is a 'discoverable record' and could expose the organisation to litigation in the event of an incident.
D. Online material is protected by international digital copyright legislation across most territories.

Question # 22

Which of the following is NOT considered to be a form of computer misuse?

A. Illegal retention of personal data.
B. Illegal interception of information.
C. Illegal access to computer systems.
D. Downloading of pirated software.

Question # 23

Which of the following is an asymmetric encryption algorithm?

A. DES.
B. AES.
C. ATM.
D. RSA.

Question # 24

What form of attack against an employee has the MOST impact on their compliance with the organisation's "code of conduct"?

A. Brute Force Attack.
B. Social Engineering.
C. Ransomware.
D. Denial of Service.

Question # 25

In terms of security culture, what needs to be carried out as an integral part of security by all members of an organisation and is an essential component of any security regime?

A. The 'need to know' principle.
B. Verification of visitors' ID.
C. Appropriate behaviours.
D. Access denial measures.

Question # 26

Which of the following statements relating to digital signatures is TRUE?

A. Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.
B. Digital signatures are valid and enforceable in law in most countries in the world.
C. Digital signatures are legal unless there is a statutory requirement that predates the digital age.
D. A digital signature that uses a signer's private key is illegal.

Question # 27

Ensuring the correctness of data input to a system is an example of which facet of information security?

A. Confidentiality.
B. Integrity.
C. Availability.
D. Authenticity.

Question # 28

What aspect of an employee's contract of employment is designed to prevent the unauthorised release of confidential data to third parties even after an employee has left their employment?

A. Segregation of Duties.
B. Non-disclosure.
C. Acceptable use policy.
D. Security clearance.

Question # 29

What type of attack attempts to exploit the trust relationship between a user's client-based browser and server-based websites, forcing the submission of an authenticated request to a third party site?

A. XSS.
B. Parameter Tampering.
C. SQL Injection.
D. CSRF.

Question # 30

Which term describes the acknowledgement and acceptance of ownership of actions, decisions, policies and deliverables?

A. Accountability.
B. Responsibility.
C. Credibility.
D. Confidentiality.
