Real CISMP-V9 Exam Questions from Killtest are valid for you to pass CISMP-V9 exam.
The safer, easier way to help you pass any IT exams.

1. What physical security control would be used to broadcast false emanations to mask the presence of true electromagnetic emanations from genuine computing equipment?
A. Faraday cage.
B. Unshielded cabling.
C. Copper infused windows.
D. White noise generation.
Answer: B

2. In software engineering, what does 'Security by Design' mean?
A. Low Level and High Level Security Designs are restricted in distribution.
B. All security software artefacts are subject to a code-checking regime.
C. The software has been designed from its inception to be secure.
D. All code meets the technical requirements of GDPR.
Answer: C
Explanation: https://en.wikipedia.org/wiki/Secure_by_design#:~:text=Secure%20by%20design%20(SBD)%2C,the%20foundation%20to%20be%20secure.&text=Malicious%20practices%20are%20taken%20for,or%20on%20invalid%20user%20input.

3. Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?
A. Professional qualification bodies demand CPD.
B. Information Security changes constantly and at speed.
C. IT certifications require CPD and Security needs to remain credible.
D. CPD is a prerequisite of any Chartered Institution qualification.
Answer: B

4. What form of training SHOULD developers be undertaking to understand the security of the code they have written and how it can improve security defence whilst being attacked?
A. Red Team Training.
B. Blue Team Training.
C. Black Hat Training.
D. Awareness Training.
Answer: C

5. What advantage does the delivery of online security training material have over the distribution of printed media?
A. Updating online material requires a single edit. Printed material needs to be distributed physically.
B. Online training material is intrinsically more accurate than printed material.
C. Printed material is a 'discoverable record' and could expose the organisation to litigation in the event of an incident.
D. Online material is protected by international digital copyright legislation across most territories.
Answer: B

CISMP-V9 Information security and CCP scheme certifications BCS Questions Killtest

6. Why have MOST European countries developed specific legislation that permits police and security services to monitor communications traffic for specific purposes, such as the detection of crime?
A. Under the European Convention of Human Rights, the interception of telecommunications represents an interference with the right to privacy.
B. GDPR overrides all previous legislation on information handling, so new laws were needed to ensure authorities did not inadvertently break the law.
C. Police could previously intercept without lawful authority any communications in the course of transmission through a public post or telecoms system.
D. Surveillance of a conversation or an online message by law enforcement agents was previously illegal due to the 1950 version of the Human Rights Convention.
Answer: C

7. Which algorithm is a current specification for the encryption of electronic data established by NIST?
A. RSA.
B. AES.
C. DES.
D. PGP.
Answer: B
Explanation: https://www.nist.gov/publications/advanced-encryption-standard-aes

8. When calculating the risk associated with a vulnerability being exploited, how is this risk calculated?
A. Risk = Likelihood * Impact.
B. Risk = Likelihood / Impact.
C. Risk = Vulnerability / Threat.
D. Risk = Threat * Likelihood.
Answer: C

9. In a security governance framework, which of the following publications would be at the HIGHEST level?
A. Procedures.
B. Standards.
C. Policy.
D. Guidelines.
Answer: A

10. Which term is used to describe the set of processes that analyses code to ensure defined coding practices are being followed?
A. Quality Assurance and Control.
B. Dynamic verification.
C. Static verification.
D. Source code analysis.
Answer: D

11. How does network visualisation assist in managing information security?
A. Visualisation can communicate large amounts of data in a manner that is a relatively simple way for people to analyse and interpret.
B. Visualisation provides structured tables and lists that can be analysed using common tools such as MS Excel.
C. Visualisation offers unstructured data that records the entirety of the data in a flat, filterable file format.
D. Visualisation software operates in a way that is rarely and thereby it is less prone to malware infection.
Answer: D

12. What type of attack could directly affect the confidentiality of an unencrypted VoIP network?
A. Packet Sniffing.
B. Brute Force Attack.
C. Ransomware.
D. Vishing Attack.
Answer: B

13. What form of attack against an employee has the MOST impact on their compliance with the organisation's "code of conduct"?
A. Brute Force Attack.
B. Social Engineering.
C. Ransomware.
D. Denial of Service.
Answer: D

14. Which of the following uses are NOT usual ways that attackers have of leveraging botnets?
A. Generating and distributing spam messages.
B. Conducting DDOS attacks.
C. Scanning for system & application vulnerabilities.
D. Undertaking vishing attacks.
Answer: D

15. What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them into taking an unwanted action such as a misdirected high-value payment?
A. Whaling.
B. Spear-phishing.
C. C-suite spamming.
D. Trawling.
Answer: B