BCS CISMP-V9 Exam Dumps [2021] Practice Valid Exam Dumps Question [Q22-Q43]


NEW QUESTION 22
Which of the following international standards deals with the retention of records?

  • A. ISO/IEC 27002.
  • B. ISO 15489.
  • C. PCI DSS.
  • D. RFC1918.

Answer: B

 

NEW QUESTION 23
Which of the following is often the final stage in the information management lifecycle?

  • A. Use.
  • B. Creation.
  • C. Disposal.
  • D. Publication.

Answer: C

Reference: https://timg.co.nz/blog-the-information-management-life-cycle/

 

NEW QUESTION 24
Which of the following cloud delivery models is NOT intrinsically "trusted" in terms of security by clients using the service?

  • A. Public.
  • B. Hybrid.
  • C. Private.
  • D. Community

Answer: D

 

NEW QUESTION 25
Which standard deals with the implementation of business continuity?

  • A. ISO 22301.
  • B. BS5750.
  • C. ISO/IEC 27001
  • D. COBIT

Answer: C

 

NEW QUESTION 26
In business continuity (BC) terms, what is the name of the individual responsible for recording all pertinent information associated with a BC exercise or real plan invocation?

  • A. Desk secretary.
  • B. Scrum Master.
  • C. Recorder.
  • D. Scribe.

Answer: C

 

NEW QUESTION 27
Which of the following statements relating to digital signatures is TRUE?

  • A. Digital signatures are legal unless there is a statutory requirement that predates the digital age.
  • B. Digital signatures are valid and enforceable in law in most countries in the world.
  • C. Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.
  • D. A digital signature that uses a signer's private key is illegal.

Answer: A

 

NEW QUESTION 28
Which of the following is MOST LIKELY to be described as a consequential loss?

  • A. Service disruption.
  • B. Reputation damage.
  • C. Monetary theft.
  • D. Processing errors.

Answer: B

 

NEW QUESTION 29
What does a penetration test do that a Vulnerability Scan does NOT?

  • A. A penetration test never uses common tools such as Nmap, Nessus and Metasploit.
  • B. A penetration test looks for known vulnerabilities and reports them without further action.
  • C. A penetration test is always an automated process - a vulnerability scan never is.
  • D. A penetration test seeks to actively exploit any known or discovered vulnerabilities.

Answer: B

 

NEW QUESTION 30
Which of the following is a framework and methodology for Enterprise Security Architecture and Service Management?

  • A. SABSA
  • B. TOGAF
  • C. PCI DSS.
  • D. OWASP.

Answer: A

 

NEW QUESTION 31
One traditional use of a SIEM appliance is to monitor for exceptions received via syslog.
What system from the following does NOT natively support syslog events?

  • A. Linux Web Server Appliances.
  • B. Windows Desktop Systems.
  • C. Enterprise Stateful Firewall.
  • D. Enterprise Wireless Access Point.

Answer: A

 

NEW QUESTION 32
A system administrator has created the following "array" as an access control for an organisation.
Developers: create files, update files.
Reviewers: upload files, update files.
Administrators: upload files, delete files, update files.
What type of access-control has just been created?

  • A. Mandatory access control.
  • B. Rule based access control.
  • C. Role based access control.
  • D. Task based access control.

Answer: B

 

NEW QUESTION 33
What is the PRIMARY security concern associated with the practice known as Bring Your Own Device (BYOD) that might affect a large organisation?

  • A. Privately owned end user devices are not provided with the same volume nor frequency of security patch updates as a corporation.
  • B. The organisation has significantly less control over the device than over a corporately provided and managed device.
  • C. Under GDPR it is illegal for an individual to use a personal device when handling personal information under corporate control.
  • D. Most BYOD involves the use of non-Windows hardware which is intrinsically insecure and open to abuse.

Answer: D

 

NEW QUESTION 34
Which of the following subjects is UNLIKELY to form part of a cloud service provision IaaS contract?

  • A. Intellectual Property Rights.
  • B. Liability
  • C. End-of-service.
  • D. User security education.

Answer: B

 

NEW QUESTION 35
Which of the following acronyms covers the real-time analysis of security alerts generated by applications and network hardware?

  • A. DDoS.
  • B. CERT
  • C. SIEM.
  • D. CISM.

Answer: C

Reference: https://en.wikipedia.org/wiki/Security_information_and_event_management

 

NEW QUESTION 36
What is the PRIMARY reason for organisations obtaining outsourced managed security services?

  • A. Managed security services permit organisations to absolve themselves of responsibility for security.
  • B. Managed security services are a de facto requirement for certification to core security standards such as ISO/IEC 27001
  • C. Managed security services provide access to specialist security tools and expertise on a shared, cost-effective basis.
  • D. Managed security services are a powerful defence against litigation in the event of a security breach or incident

Answer: A

 

NEW QUESTION 37
When calculating the risk associated with a vulnerability being exploited, how is this risk calculated?

  • A. Risk = Likelihood / Impact.
  • B. Risk = Likelihood * Impact.
  • C. Risk = Threat * Likelihood.
  • D. Risk = Vulnerability / Threat.

Answer: D

 

NEW QUESTION 38
In software engineering, what does "Security by Design" mean?

  • A. All code meets the technical requirements of GDPR.
  • B. The software has been designed from its inception to be secure.
  • C. All security software artefacts are subject to a code-checking regime.
  • D. Low Level and High Level Security Designs are restricted in distribution.

Answer: B

Reference: https://en.wikipedia.org/wiki/Secure_by_design

 

NEW QUESTION 39
When an organisation decides to operate on the public cloud, what does it lose?

  • A. Control over Intellectual Property Rights relating to its applications.
  • B. The right to audit and monitor access to its information.
  • C. Physical access to the servers hosting its information.
  • D. The ability to determine in which geographies the information is stored.

Answer: B

 

NEW QUESTION 40
In order to maintain the currency of risk countermeasures, how often SHOULD an organisation review these risks?

  • A. A maximum of once every other month.
  • B. When the next risk audit is due.
  • C. Risks remain under constant review.
  • D. Once defined, they do not need reviewing.

Answer: C

 

NEW QUESTION 41
Which standards framework offers a set of IT Service Management best practices to assist organisations in aligning IT service delivery with business goals - including security goals?

  • A. ITIL.
  • B. ISACA.
  • C. SABSA.
  • D. COBIT

Answer: A

Reference: https://www.cherwell.com/it-service-management/library/essential-guides/essential-guide-to-itil-framework-and-processes/

 

NEW QUESTION 42
Which of the following describes a qualitative risk assessment approach?

  • A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
  • B. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
  • C. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk
  • D. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.

Answer: B

 

NEW QUESTION 43
......
