
Get instant access to CISMP-V9 Practice Tests 2021 Free Updated Today!
NEW QUESTION 55
What are the different methods that can be used as access controls?
1. Detective.
2. Physical.
3. Reactive.
4. Virtual.
5. Preventive.
- A. 1, 2 and 3.
- B. 3, 4 and 5.
- C. 1, 2 and 5.
- D. 1, 2 and 4.
Answer: C
NEW QUESTION 56
What term refers to the shared set of values within an organisation that determine how people are expected to behave in regard to information security?
- A. System Operating Procedures.
- B. Security Culture.
- C. Security Policy Framework.
- D. Code of Ethics.
Answer: B
Reference: https://www.cpni.gov.uk/developing-security-culture#:~:text=Developing%20a%20Security%20Culture,-What%20type%20of&text=Security%20culture%20refers%20to%20the,think%20about%20and%20approach%20security.&text=Employees%20are%20more%20likley%20to%20think%20and%20act%20in%20a%20security%20conscious%20manner
NEW QUESTION 57
Ensuring the correctness of data inputted to a system is an example of which facet of information security?
- A. Integrity.
- B. Availability.
- C. Authenticity.
- D. Confidentiality.
Answer: A
NEW QUESTION 58
Which term is used to describe the set of processes that analyses code to ensure defined coding practices are being followed?
- A. Source code analysis.
- B. Quality Assurance and Control
- C. Dynamic verification.
- D. Static verification.
Answer: A
NEW QUESTION 59
In terms of security culture, what needs to be carried out as an integral part of security by all members of an organisation and is an essential component to any security regime?
- A. Access denial measures
- B. Verification of visitor's ID
- C. Appropriate behaviours.
- D. The 'need to know' principle.
Answer: A
NEW QUESTION 60
For which security-related reason SHOULD staff monitoring critical CCTV systems be rotated regularly during each work session?
- A. To give experience to monitoring staff across a range of activities for training purposes.
- B. The human attention span during intense monitoring sessions is about 20 minutes.
- C. To reduce the chance of collusion between security staff and those being monitored.
- D. Health and Safety regulations demand that staff are rotated to prevent posture and vision related harm.
Answer: B
NEW QUESTION 61
Which term describes the acknowledgement and acceptance of ownership of actions, decisions, policies and deliverables?
- A. Responsibility.
- B. Credibility.
- C. Confidentiality.
- D. Accountability.
Answer: D
Reference: https://hr.nd.edu/assets/17442/behavior_model_4_ratings_3_.pdf
NEW QUESTION 62
When securing a wireless network, which of the following is NOT best practice?
- A. Use MAC filtering on a SOHO network with a small group of clients.
- B. Using WPA encryption on the wireless network.
- C. Dedicating an access point on a dedicated VLAN connected to a firewall.
- D. Turning on SSID broadcasts to advertise security levels.
Answer: C
NEW QUESTION 63
What term is used to describe the testing of a continuity plan through a written scenario being used as the basis for discussion and simulation?
- A. Non-dynamic modeling
- B. Fault stressing
- C. Desk-top exercise.
- D. End-to-end testing.
Answer: C
NEW QUESTION 64
Geoff wants to ensure the application of consistent security settings to devices used throughout his organisation whether as part of a mobile computing or a BYOD approach.
What technology would be MOST beneficial to his organisation?
- A. SIEM.
- B. IDS.
- C. MDM.
- D. VPN.
Answer: C
NEW QUESTION 65
Once data has been created in a standard information lifecycle, what step TYPICALLY happens next?
- A. Data Archiving.
- B. Data Publication
- C. Data Deletion.
- D. Data Storage.
Answer: C
NEW QUESTION 66
What is the PRIMARY difference between DevOps and DevSecOps?
- A. Within DevSecOps security is introduced at the end of development immediately prior to deployment.
- B. DevSecOps includes security on the same level as continuous integration and delivery.
- C. DevOps mandates that security is integrated at the beginning of the development lifecycle.
- D. DevSecOps focuses solely on iterative development cycles.
Answer: B
Reference: https://www.viva64.com/en/b/0710/#:~:text=DevOps%20is%20a%20methodology%20aiming,in%20the%20software%20development%20process.&text=DevSecOps%20is%20a%20further%20development,code%20quality%20and%20reliability%20assurance.
NEW QUESTION 67
What type of attack could directly affect the confidentiality of an unencrypted VoIP network?
- A. Packet Sniffing.
- B. Ransomware.
- C. Vishing Attack
- D. Brute Force Attack.
Answer: D
NEW QUESTION 68
In order to better improve the security culture within an organisation with a top down approach, which of the following actions at board level is the MOST effective?
- A. Adopting an organisation wide "clear desk" policy.
- B. Purchasing all senior executives personal firewalls.
- C. Developing a security awareness e-learning course.
- D. Appointment of a Chief Information Security Officer (CISO).
Answer: D
NEW QUESTION 69
James is working with a software programme that completely obfuscates the entire source code, often in the form of a binary executable making it difficult to inspect, manipulate or reverse engineer the original source code.
What type of software programme is this?
- A. Open Source.
- B. Proprietary Source.
- C. Interpreted Source.
- D. Free Source.
Answer: C
NEW QUESTION 70
What is the PRIMARY reason for organisations obtaining outsourced managed security services?
- A. Managed security services permit organisations to absolve themselves of responsibility for security.
- B. Managed security services are a de facto requirement for certification to core security standards such as ISO/IEC 27001.
- C. Managed security services provide access to specialist security tools and expertise on a shared, cost-effective basis.
- D. Managed security services are a powerful defence against litigation in the event of a security breach or incident
Answer: A
NEW QUESTION 71
Which of the following subjects is UNLIKELY to form part of a cloud service provision IaaS contract?
- A. End-of-service.
- B. Intellectual Property Rights.
- C. Liability
- D. User security education.
Answer: C
NEW QUESTION 72
How might the effectiveness of a security awareness program be effectively measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.
- A. 2, 4 and 5.
- B. 3, 4 and 5.
- C. 1, 2 and 5.
- D. 1, 2 and 3.
Answer: D
NEW QUESTION 73
In a security governance framework, which of the following publications would be at the HIGHEST level?
- A. Guidelines
- B. Standards
- C. Policy.
- D. Procedures.
Answer: D
NEW QUESTION 74
What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?
- A. Poor Password Management.
- B. Security Misconfiguration
- C. Injection Flaws.
- D. Insecure Deserialisation.
Answer: C