[Jul 03, 2024] Verified CISMP-V9 dumps and 102 unique questions [Q47-Q66]


CISMP-V9 Dumps for Pass Guaranteed - Pass CISMP-V9 Exam 2024


The BCS CISMP-V9 certification exam is based on the BCS Information Security Management Principles framework, a comprehensive framework for managing information security. The framework covers all aspects of information security management, including risk management, security policies, security incident management, and compliance. The BCS Foundation Certificate in Information Security Management Principles V9.0 exam is designed to test knowledge and understanding of this framework and to ensure that candidates have the skills and knowledge required to manage information security effectively.


NEW QUESTION # 47
Which of the following acronyms covers the real-time analysis of security alerts generated by applications and network hardware?

  • A. SIEM.
  • B. CISM.
  • C. DDoS.
  • D. CERT

Answer: A

Explanation:
SIEM, which stands for Security Information and Event Management, is the correct acronym that covers the real-time analysis of security alerts generated by applications and network hardware. SIEM systems aggregate and analyze activity data from various resources across the IT infrastructure, such as network devices, servers, and domain controllers. They operate on rules-based and statistical correlation algorithms to establish relationships between log entries, providing reports on security-related incidents and events, and sending alerts if the analysis indicates a potential security issue. This enables organizations to gain insights into their security posture, identify trends, and detect threats or anomalies that could indicate a security incident.
References: The BCS Foundation Certificate in Information Security Management Principles acknowledges the role of SIEM in monitoring and analyzing security events in real time as part of an effective information security framework.


NEW QUESTION # 48
When an organisation decides to operate on the public cloud, what does it lose?

  • A. Control over Intellectual Property Rights relating to its applications.
  • B. Physical access to the servers hosting its information.
  • C. The ability to determine in which geographies the information is stored.
  • D. The right to audit and monitor access to its information.

Answer: D


NEW QUESTION # 49
When calculating the risk associated with a vulnerability being exploited, how is this risk calculated?

  • A. Risk = Vulnerability / Threat.
  • B. Risk = Likelihood * Impact.
  • C. Risk = Threat * Likelihood.
  • D. Risk = Likelihood / Impact.

Answer: A


NEW QUESTION # 50
Once data has been created in a standard information lifecycle, what step TYPICALLY happens next?

  • A. Data Archiving.
  • B. Data Deletion.
  • C. Data Storage.
  • D. Data Publication

Answer: C

Explanation:
After data creation, the typical next step in the standard information lifecycle is data storage. This phase involves securing the data in a storage solution where it can be accessed, managed, and protected effectively. Proper data storage ensures that data remains intact and available for future processing and analysis. It is a critical step before data can be used for any operational or analytical purposes, and it precedes other stages such as archiving or deletion, which occur later in the lifecycle.
References: The BCS Foundation Certificate in Information Security Management Principles includes the understanding of the information lifecycle as part of its syllabus, emphasizing the importance of each stage, including data storage. This is supported by industry practices and standards that outline the data lifecycle stages, as found in resources like the Harvard Business School Online's insights on the data lifecycle and other data management guides.


NEW QUESTION # 51
Which security framework impacts on organisations that accept credit cards, process credit card transactions, store relevant data or transmit credit card data?

  • A. ENISA NIS.
  • B. TOGAF.
  • C. PCI DSS.
  • D. Sarbanes-Oxley

Answer: C

Reference: https://digitalguardian.com/blog/what-pci-compliance


NEW QUESTION # 52
Geoff wants to ensure the application of consistent security settings to devices used throughout his organisation whether as part of a mobile computing or a BYOD approach.
What technology would be MOST beneficial to his organisation?

  • A. SIEM.
  • B. IDS.
  • C. MDM.
  • D. VPN.

Answer: C

Explanation:
Mobile Device Management (MDM) is the most beneficial technology for ensuring consistent security settings across an organization's devices, especially in a Bring Your Own Device (BYOD) or mobile computing environment. MDM allows for the central management of security policies, the enforcement of strong authentication measures, and the protection of corporate data on personal devices. It provides the necessary tools to configure devices remotely, enforce security policies, manage applications, and protect against unauthorized access. This aligns with the Information Security Management Principles, particularly under the domains of Technical Security Controls and Procedural/People Security Controls, as it encompasses both the technology and the policies that govern its use by people within the organization.
References: The BCS Foundation Certificate in Information Security Management Principles outlines the importance of understanding the concepts relating to information security management, which includes the knowledge of controls and characteristics that are essential for managing the security of information systems. Additionally, the benefits of MDM in securing mobile and BYOD environments are well documented, further supporting its selection as the most appropriate technology for Geoff's requirements.


NEW QUESTION # 53
What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them into taking an unwanted action such as a misdirected high-value payment?

  • A. Trawling.
  • B. Whaling.
  • C. Spear-phishing.
  • D. C-suite spamming.

Answer: C


NEW QUESTION # 54
What is the root cause as to why SMS messages are open to attackers and abuse?

  • A. There are only two mobile phone platforms - Android and iOS - reducing the number of target environments.
  • B. The vast majority of mobile phones globally support the SMS protocol inexpensively.
  • C. SMS technology was never intended to be used to transmit high risk content such as One-time payment codes.
  • D. The store and forward nature of SMS means it is considered a 'fire and forget service'.

Answer: C

Explanation:
SMS technology was originally designed for casual, low-security communication. It lacks the robust security features required for transmitting sensitive information, such as one-time payment codes. The protocol does not encrypt messages, leaving them vulnerable to interception during transmission. Furthermore, the widespread adoption of SMS for various services has made it an attractive target for attackers, leading to exploitation through methods like SIM swapping, phishing, and other forms of abuse.
References: The explanation is based on the general knowledge of SMS technology's limitations and security vulnerabilities, as well as information from sources discussing SMS attacks and mitigation strategies.


NEW QUESTION # 55
Which algorithm is a current specification for the encryption of electronic data established by NIST?

  • A. AES.
  • B. RSA.
  • C. DES.
  • D. PGP.

Answer: A

Explanation:
The Advanced Encryption Standard (AES) is the current specification for the encryption of electronic data established by the National Institute of Standards and Technology (NIST). AES is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information, converting data to an unintelligible form called ciphertext and back to its original form, plaintext. The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. It was selected by NIST as a Federal Information Processing Standard (FIPS) to protect electronic data and is widely recognized and used for secure data encryption.
References: The BCS Foundation Certificate in Information Security Management Principles outlines the importance of understanding various encryption algorithms, including AES, for protecting electronic data. The NIST publication on AES provides detailed information about the standard and its application.


NEW QUESTION # 56
What is the first yet MOST simple and important action to take when setting up a new web server?

  • A. Fully encrypt the hard disk.
  • B. Apply hardening to all applications.
  • C. Change default system passwords.
  • D. Patch the OS to the latest version

Answer: B


NEW QUESTION # 57
In a security governance framework, which of the following publications would be at the HIGHEST level?

  • A. Policy.
  • B. Guidelines
  • C. Standards
  • D. Procedures.

Answer: D


NEW QUESTION # 58
When establishing objectives for physical security environments, which of the following functional controls SHOULD occur first?

  • A. Delay.
  • B. Deny.
  • C. Deter.
  • D. Drop.

Answer: C


NEW QUESTION # 59
When an organisation decides to operate on the public cloud, what does it lose?

  • A. Control over Intellectual Property Rights relating to its applications.
  • B. Physical access to the servers hosting its information.
  • C. The ability to determine in which geographies the information is stored.
  • D. The right to audit and monitor access to its information.

Answer: B

Explanation:
When an organization opts for public cloud services, it relinquishes direct control over many aspects of security and privacy. While the cloud service provider maintains the physical servers, the organization loses the ability to physically access these servers. This is a significant shift from traditional on-premises data centers, where the organization would have complete control over and access to the physical infrastructure. In the context of the public cloud, the organization must rely on the cloud provider's security measures and protocols to protect its data. However, it is important to note that while physical access is lost, cloud providers typically offer robust security features and compliance certifications that can compensate for this loss.
References: The information provided aligns with the principles outlined in the BCS Foundation Certificate in Information Security Management Principles, which emphasizes the importance of understanding the security controls and risks associated with different types of information security management environments. Additionally, the National Institute of Standards and Technology (NIST) provides guidelines on security and privacy in public cloud computing, which discuss the shared responsibility model and the implications of losing physical control over servers.


NEW QUESTION # 60
What term refers to the shared set of values within an organisation that determine how people are expected to behave in regard to information security?

  • A. System Operating Procedures.
  • B. Code of Ethics.
  • C. Security Policy Framework.
  • D. Security Culture.

Answer: D

Reference: https://www.cpni.gov.uk/developing-security-culture#:~:text=Developing%20a%20Security%20Culture,-What%20type%20of&text=Security%20culture%20refers%20to%20the,think%20about%20and%20approach%20security.&text=Employees%20are%20more%20likley%20to%20think%20and%20act%20in%20a%20security%20conscious%20manner


NEW QUESTION # 61
How might the effectiveness of a security awareness program be effectively measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.

  • A. 3, 4 and 5.
  • B. 1, 2 and 5.
  • C. 1, 2 and 3.
  • D. 2, 4 and 5.

Answer: C


NEW QUESTION # 62
How does the use of a "single sign-on" access control policy improve the security for an organisation implementing the policy?

  • A. Access control logs are centrally located.
  • B. Helps prevent the likelihood of users writing down passwords.
  • C. Password is better encrypted for system authentication.
  • D. Decreases the complexity of passwords users have to remember.

Answer: B

Explanation:
Single sign-on (SSO) is an access control policy that allows users to authenticate with multiple applications and services by logging in only once. This approach improves security by reducing the number of credentials users must manage, which in turn decreases the likelihood of users writing down passwords. When users have to remember multiple complex passwords, they are more likely to write them down, use simple passwords, or repeat the same password across different services, all of which are security risks. SSO simplifies the login process, which can lead to stronger, unique passwords and reduce the risk of password-related breaches.
References: The BCS Foundation Certificate in Information Security Management Principles provides a comprehensive overview of information security management, including the effectiveness of different types of controls, which supports the understanding of how SSO can enhance an organization's security posture.


NEW QUESTION # 63
Which of the following is often the final stage in the information management lifecycle?

  • A. Creation.
  • B. Disposal.
  • C. Use.
  • D. Publication.

Answer: B

Explanation:
The final stage in the information management lifecycle is often disposal. This stage involves the secure deletion or destruction of information that is no longer needed or has reached the end of its retention period. Proper disposal is crucial to prevent unauthorized access or recovery of sensitive data. It ensures compliance with data protection regulations and organizational policies regarding the retention and destruction of data.
References: The BCS Foundation Certificate in Information Security Management Principles highlights the importance of managing information throughout its lifecycle, including the final stage of disposal. This aligns with industry best practices and standards such as ISO/IEC 27001, which includes requirements for the secure disposal of information. Additionally, the Information Lifecycle Management (ILM) framework also identifies disposal as a key phase, emphasizing the need for policies and procedures to manage the end of life of information assets.


NEW QUESTION # 64
What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

  • A. Injection Flaws.
  • B. Insecure Deserialisation.
  • C. Poor Password Management.
  • D. Security Misconfiguration

Answer: A


NEW QUESTION # 65
Which of the following statements relating to digital signatures is TRUE?

  • A. A digital signature that uses a signer's private key is illegal.
  • B. Digital signatures are legal unless there is a statutory requirement that predates the digital age.
  • C. Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.
  • D. Digital signatures are valid and enforceable in law in most countries in the world.

Answer: B


NEW QUESTION # 66
......
