
CISMP-V9 Exam Dumps - PDF Questions and Testing Engine
NEW QUESTION # 29
In terms of security culture, what needs to be carried out as an integral part of security by all members of an organisation and is an essential component to any security regime?
- A. Access denial measures
- B. The 'need to know' principle.
- C. Appropriate behaviours.
- D. Verification of visitor's ID
Answer: A
NEW QUESTION # 30
How might the effectiveness of a security awareness program be effectively measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.
- A. 2, 4 and 5.
- B. 1, 2 and 3.
- C. 3, 4 and 5.
- D. 1, 2 and 5.
Answer: B
NEW QUESTION # 31
Which of the following is NOT considered to be a form of computer misuse?
- A. Illegal access to computer systems.
- B. Illegal retention of personal data.
- C. Illegal interception of information.
- D. Downloading of pirated software.
Answer: B
NEW QUESTION # 32
What type of attack could directly affect the confidentiality of an unencrypted VoIP network?
- A. Brute Force Attack.
- B. Ransomware.
- C. Vishing Attack
- D. Packet Sniffing.
Answer: D
Explanation:
Packet sniffing is a type of network attack that can directly affect the confidentiality of an unencrypted VoIP network. In packet sniffing, an attacker captures data packets as they travel across the network. Since VoIP calls transmit voice data in the form of data packets, an unencrypted VoIP network is particularly vulnerable to this type of attack. The attacker can potentially listen to the conversations or extract sensitive information from these packets. This compromises the confidentiality principle of information security, which aims to protect information from unauthorized disclosure.
Brute Force Attack (A) and Ransomware (B) are more related to the integrity and availability of systems rather than confidentiality. Vishing Attack (C) is a form of phishing that involves social engineering over telephone systems but does not directly affect the network's confidentiality in the way packet sniffing does.
References:
* Information Security Management Principles, 3rd Edition.
* VoIP Hacking: How It Works & How to Protect Your VoIP Phone.
NEW QUESTION # 33
What is the first, yet MOST simple and important, action to take when setting up a new web server?
- A. Change default system passwords.
- B. Apply hardening to all applications.
- C. Patch the OS to the latest version
- D. Fully encrypt the hard disk.
Answer: B
NEW QUESTION # 34
What form of attack against an employee has the MOST impact on their compliance with the organisation's "code of conduct"?
- A. Brute Force Attack.
- B. Ransomware.
- C. Denial of Service.
- D. Social Engineering.
Answer: C
NEW QUESTION # 35
How does the use of a "single sign-on" access control policy improve the security for an organisation implementing the policy?
- A. Decreases the complexity of passwords users have to remember.
- B. Access control logs are centrally located.
- C. Helps prevent the likelihood of users writing down passwords.
- D. Password is better encrypted for system authentication.
Answer: C
Explanation:
Single sign-on (SSO) is an access control policy that allows users to authenticate with multiple applications and services by logging in only once. This approach improves security by reducing the number of credentials users must manage, which in turn decreases the likelihood of users writing down passwords. When users have to remember multiple complex passwords, they are more likely to write them down, use simple passwords, or repeat the same password across different services, all of which are security risks. SSO simplifies the login process, which can lead to stronger, unique passwords and reduce the risk of password-related breaches.
References: The BCS Foundation Certificate in Information Security Management Principles provides a comprehensive overview of information security management, including the effectiveness of different types of controls, which supports the understanding of how SSO can enhance an organization's security posture.
NEW QUESTION # 36
Which security concept provides redundancy in the event a security control failure or the exploitation of a vulnerability?
- A. Sandboxing.
- B. Intrusion Prevention System.
- C. Defence in depth.
- D. System Integrity.
Answer: C
Explanation:
Defence in depth is a security concept that involves implementing multiple layers of security controls throughout an information system. The idea is that if one control fails or a vulnerability is exploited, other controls will provide redundancy and continue to protect the system. This approach is analogous to a physical fortress with multiple walls; if an attacker breaches one wall, additional barriers exist to stop them from progressing further. In the context of information security, this could include a combination of firewalls, intrusion detection systems, antivirus software, and strict access controls, among others. Defence in depth is designed to address security vulnerabilities not only in technology but also in processes and people, acknowledging that human error or negligence can often lead to security breaches.
References: The concept of defence in depth aligns with the Information Security Management Principles as outlined by BCS, particularly under the domains of Technical Security Controls and Disaster Recovery and Business Continuity Management. It is also supported by various industry sources that describe defence in depth as a strategy that leverages multiple security measures to protect an organization's assets.
Online retailers are the most at risk for the theft of electronic-based credit card data due to the nature of their business, which involves processing a large volume of transactions over the internet. This exposes them to various cyber threats, including hacking, phishing, and other forms of cyber-attacks that can compromise credit card information. Traditional market traders, mail delivery businesses, and agricultural producers typically do not handle credit card transactions to the same extent or in the same electronic manner as online retailers, making them less likely targets for this specific type of data theft.
The principles of Information Security Management emphasize the importance of protecting sensitive data, such as credit card information, through technical security controls and risk management practices. Online retailers must implement robust security measures, including encryption, secure payment gateways, and regular security audits, to mitigate the risks associated with electronic transactions.
References:
* BCS Information Security Management Principles, particularly the sections on Technical Security Controls and Information Risk, provide guidance on protecting electronic data and managing the associated risks.
* Additional insights can be found in Information Security Management Principles, 3rd Edition by Andy Taylor, David Alexander, Amanda Finch and David Sutton.
NEW QUESTION # 37
A system administrator has created the following "array" as an access control for an organisation.
Developers: create files, update files.
Reviewers: upload files, update files.
Administrators: upload files, delete files, update files.
What type of access-control has just been created?
- A. Mandatory access control.
- B. Rule based access control.
- C. Role based access control.
- D. Task based access control.
Answer: C
Explanation:
The access control method described is Role-Based Access Control (RBAC). In RBAC, access permissions are based on the roles within an organization, and users are assigned to these roles based on their responsibilities and qualifications. Each role has a defined set of access permissions to perform certain operations. This method simplifies management and ensures that only authorized users can perform actions relevant to their role. For instance, 'Developers' can create and update files, 'Reviewers' can upload and update files, and 'Administrators' have the rights to upload, delete, and update files. This aligns with the RBAC model where permissions are grouped by role rather than by individual user, making it easier to manage and audit.
References: The BCS Foundation Certificate in Information Security Management Principles provides a framework for understanding the principles of information security management, including access control mechanisms like RBAC.
NEW QUESTION # 38
Which term describes the acknowledgement and acceptance of ownership of actions, decisions, policies and deliverables?
- A. Accountability.
- B. Confidentiality.
- C. Responsibility.
- D. Credibility.
Answer: A
NEW QUESTION # 39
Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?
- A. Vulnerability assessment
- B. Anomaly based intrusion detection.
- C. Strong OS patch management
- D. Signature-based intrusion detection.
Answer: A
NEW QUESTION # 40
By what means SHOULD a cloud service provider prevent one client accessing data belonging to another in a shared server environment?
- A. By employing intrusion detection systems in VMs.
- B. By using a hypervisor in all shared servers.
- C. By ensuring appropriate data isolation and logical storage segregation.
- D. By increasing deterrent controls through warning messages.
Answer: A
NEW QUESTION # 41
When seeking third party digital forensics services, what two attributes should one seek when making a choice of service provider?
- A. Clean credit references as well as international experience.
- B. Appropriate company accreditation and staff certification.
- C. Affiliation with local law enforcement bodies and local government regulations.
- D. Formal certification to ISO/IEC 27001 and alignment with ISO 17025.
Answer: B
Explanation:
When selecting a third-party digital forensics service provider, it is crucial to ensure that the company has the appropriate accreditations and the staff hold relevant certifications. This ensures that the service provider adheres to recognized standards and best practices in digital forensics, which is essential for the integrity and admissibility of evidence. Company accreditation provides assurance that the organization follows industry-recognized quality standards, while staff certification demonstrates that the individuals handling the forensic process are qualified and competent. This combination is vital for maintaining the credibility of the forensic investigation and the security of the data handled.
References: The BCS Foundation Certificate in Information Security Management Principles emphasizes the importance of management issues, including risk management, security standards, and legislation, which are relevant when considering third-party services.
NEW QUESTION # 42
Which of the following cloud delivery models is NOT intrinsically "trusted" in terms of security by clients using the service?
- A. Private.
- B. Public.
- C. Hybrid.
- D. Community
Answer: D
NEW QUESTION # 43
Which of the following is often the final stage in the information management lifecycle?
- A. Disposal.
- B. Creation.
- C. Use.
- D. Publication.
Answer: A
Explanation:
The final stage in the information management lifecycle is often disposal. This stage involves the secure deletion or destruction of information that is no longer needed or has reached the end of its retention period.
Proper disposal is crucial to prevent unauthorized access or recovery of sensitive data. It ensures compliance with data protection regulations and organizational policies regarding the retention and destruction of data.
References: The BCS Foundation Certificate in Information Security Management Principles highlights the importance of managing information throughout its lifecycle, including the final stage of disposal. This aligns with industry best practices and standards such as ISO/IEC 27001, which includes requirements for the secure disposal of information. Additionally, the Information Lifecycle Management (ILM) framework also identifies disposal as a key phase, emphasizing the need for policies and procedures to manage the end-of-life of information assets.
NEW QUESTION # 44
In a virtualised cloud environment, what component is responsible for the secure separation between guest machines?
- A. Guest Manager
- B. Security Engine.
- C. OS Kernel
- D. Hypervisor.
Answer: A
NEW QUESTION # 45
When a digital forensics investigator is conducting an investigation and handling the original data, what KEY principle must they adhere to?
- A. Ensure they do not handle the evidence as that must be done by law enforcement officers.
- B. Ensure they are being observed by a senior investigator in all actions.
- C. Ensure they are competent to be able to do so and be able to justify their actions.
- D. Ensure the data has been adjusted to meet the investigation requirements.
Answer: C
NEW QUESTION # 46
When handling and investigating digital evidence to be used in a criminal cybercrime investigation, which of the following principles is considered BEST practice?
- A. Digital devices must be forensically "clean" before investigation.
- B. Digital evidence must not be altered unless absolutely necessary.
- C. Acquiring digital evidence can only be carried out on digital devices which have been turned off.
- D. Digital evidence can only be handled by a member of law enforcement.
Answer: A
Explanation:
The best practice when handling and investigating digital evidence for use in a criminal cybercrime investigation is to ensure that digital devices are forensically "clean" before any investigation takes place. This means that the devices should be free from any potential contamination that could compromise the integrity of the evidence. It's crucial to maintain the original state of digital evidence as much as possible to ensure its admissibility in court. Altering digital evidence should be avoided unless it's absolutely necessary for the investigation, and even then, it should be done following strict protocols to document the changes made.
While law enforcement often handles digital evidence, the principle of maintaining a forensically clean state applies universally to ensure the evidence remains untainted and reliable.
References: The BCS Foundation Certificate in Information Security Management Principles emphasizes the importance of maintaining the integrity and reliability of digital evidence. It outlines the procedures and controls that should be in place when dealing with digital evidence, which includes ensuring devices are forensically clean before investigation.
NEW QUESTION # 47
When considering outsourcing the processing of data, which two legal "duty of care" considerations SHOULD the original data owner make?
1. Third party is competent to process the data securely.
2. Observes the same high standards as data owner.
3. Processes the data wherever the data can be transferred.
4. Archive the data for long term third party's own usage.
- A. 3 and 4.
- B. 1 and 2.
- C. 1 and 4.
- D. 2 and 3.
Answer: C
NEW QUESTION # 48
Which of the following statements relating to digital signatures is TRUE?
- A. A digital signature that uses a signer's private key is illegal.
- B. Digital signatures are legal unless there is a statutory requirement that predates the digital age.
- C. Digital signatures are valid and enforceable in law in most countries in the world.
- D. Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.
Answer: C
Explanation:
Digital signatures are a form of electronic signature that uses cryptographic techniques to provide a secure and verifiable means of signing electronic documents. They are widely recognized and accepted as legally binding in many jurisdictions around the world. The enforceability of digital signatures is backed by various laws and regulations that recognize electronic signatures as equivalent to handwritten signatures, provided they meet certain criteria for authenticity and integrity. For instance, in the United States, the ESIGN Act establishes the legal validity of electronic signatures, including digital signatures. Similarly, the eIDAS regulation in the European Union provides a legal framework for electronic signatures and trust services, including digital signatures.
References: The BCS Foundation Certificate in Information Security Management Principles addresses the legal aspects of information security, including the enforceability of digital signatures. It aligns with international standards and practices that affirm the legal validity of digital signatures, as reflected in documents such as the ESIGN Act and the eIDAS regulation.
NEW QUESTION # 49
In order to better improve the security culture within an organisation with a top down approach, which of the following actions at board level is the MOST effective?
- A. Adopting an organisation wide "clear desk" policy.
- B. Purchasing all senior executives personal firewalls.
- C. Developing a security awareness e-learning course.
- D. Appointment of a Chief Information Security Officer (CISO).
Answer: D
Explanation:
Appointing a Chief Information Security Officer (CISO) is the most effective action at the board level to improve the security culture within an organization using a top-down approach. The CISO plays a critical role in establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO is responsible for leading the development and implementation of a security program across all aspects of the organization, which includes aligning security initiatives with business objectives, managing risk, and ensuring compliance with relevant laws and regulations. This strategic role not only helps in creating a robust security posture but also promotes a culture of security awareness throughout the organization. Having a dedicated executive responsible for security sends a clear message that the organization prioritizes information security and is committed to protecting its assets and stakeholders.
References: The BCS Foundation Certificate in Information Security Management Principles emphasizes the importance of leadership and governance in the context of information security management, which includes the appointment of key roles such as the CISO. Additionally, industry best practices and guidelines often recommend the appointment of a CISO as a critical step in fostering a strong security culture from the top down.
NEW QUESTION # 50
Ensuring the correctness of data inputted to a system is an example of which facet of information security?
- A. Integrity.
- B. Authenticity.
- C. Availability.
- D. Confidentiality.
Answer: A
NEW QUESTION # 51
BCS CISMP-V9 exam, also known as the BCS Foundation Certificate in Information Security Management Principles V9.0, is a globally recognized certification program offered by BCS, The Chartered Institute for IT. BCS Foundation Certificate in Information Security Management Principles V9.0 certification is designed to assess the candidate's knowledge and understanding of key information security concepts, principles, and practices, including risk management, security policies, cryptography, and regulatory compliance.