[Feb-2023] BCS CISMP-V9 Exam Practice Test Questions - ExamcollectionPass [Q48-Q62]

4/5 - (3 votes)

[Feb-2023] BCS CISMP-V9 Exam Practice Test Questions – ExamcollectionPass

Updated Certification Exam CISMP-V9 Dumps – Practice Test Questions

QUESTION 48
What Is the PRIMARY difference between DevOps and DevSecOps?

Within DevSecOps security is introduced at the end of development immediately prior to deployment.

DevSecOps focuses solely on iterative development cycles.

DevSecOps includes security on the same level as continuous integration and delivery.

DevOps mandates that security is integrated at the beginning of the development lifecycle.
https://www.viva64.com/en/b/0710/#:~:text=DevOps%20is%20a%20methodology%20aiming,in%20the%20software%20development%20process.&text=DevSecOps%20is%20a%20further%20development,code%20quality%20and%20reliability%20assurance.

QUESTION 49
Which of the following acronyms covers the real-time analysis of security alerts generated by applications and network hardware?

CERT

SIEM.

CISM.

DDoS.
https://en.wikipedia.org/wiki/Security_information_and_event_management

QUESTION 50
Which security concept provides redundancy in the event a security control failure or the exploitation of a vulnerability?

System Integrity.

Sandboxing.

Intrusion Prevention System.

Defence in depth.
https://en.wikipedia.org/wiki/Defense_in_depth_(computing)

QUESTION 51
Which type of facility is enabled by a contract with an alternative data processing facility which will provide HVAC, power and communications infrastructure as well computing hardware and a duplication of organisations existing “live” data?

Cold site.

Warm site.

Hot site.

Spare site

QUESTION 52
Which of the following is considered to be the GREATEST risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions?

Use of ‘cheap” microcontroller based sensors.

Much larger attack surface than traditional IT systems.

Use of proprietary networking protocols between nodes.

Use of cloud based systems to collect loT data.

QUESTION 53
Why might the reporting of security incidents that involve personal data differ from other types of security incident?

Personal data is not highly transient so its 1 investigation rarely involves the preservation of volatile memory and full forensic digital investigation.

Personal data is normally handled on both IT and non-IT systems so such incidents need to be managed in two streams.

Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.

Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation

QUESTION 54
What Is the PRIMARY reason for organisations obtaining outsourced managed security services?

Managed security services permit organisations to absolve themselves of responsibility for security.

Managed security services are a de facto requirement for certification to core security standards such as ISG/IEC 27001

Managed security services provide access to specialist security tools and expertise on a shared, cost-effective basis.

Managed security services are a powerful defence against litigation in the event of a security breach or incident

QUESTION 55
By what means SHOULD a cloud service provider prevent one client accessing data belonging to another in a shared server environment?

By ensuring appropriate data isolation and logical storage segregation.

By using a hypervisor in all shared severs.

By increasing deterrent controls through warning messages.

By employing intrusion detection systems in a VMs.

QUESTION 56
Which of the following types of organisation could be considered the MOST at risk from the theft of electronic based credit card data?

Online retailer.

Traditional market trader.

Mail delivery business.

Agricultural producer.

QUESTION 57
Once data has been created In a standard information lifecycle, what step TYPICALLY happens next?

Data Deletion.

Data Archiving.

Data Storage.

Data Publication

QUESTION 58
Which of the following subjects is UNLIKELY to form part of a cloud service provision laaS contract?

User security education.

Intellectual Property Rights.

End-of-service.

Liability

QUESTION 59
As well as being permitted to access, create, modify and delete information, what right does an Information Owner NORMALLY have in regard to their information?

To assign access privileges to others.

To modify associated information that may lead to inappropriate disclosure.

To access information held in the same format and file structure.

To delete all indexed data in the dataset.

QUESTION 60
Which of the following is NOT an information security specific vulnerability?

Use of HTTP based Apache web server.

Unpatched Windows operating system.

Confidential data stored in a fire safe.

Use of an unlocked filing cabinet.

QUESTION 61
When securing a wireless network, which of the following is NOT best practice?

Using WPA encryption on the wireless network.

Use MAC tittering on a SOHO network with a smart group of clients.

Dedicating an access point on a dedicated VLAN connected to a firewall.

Turning on SSID broadcasts to advertise security levels.

QUESTION 62
In order to better improve the security culture within an organisation with a top down approach, which of the following actions at board level is the MOST effective?

Appointment of a Chief Information Security Officer (CISO).

Purchasing all senior executives personal firewalls.

Adopting an organisation wide “clear desk” policy.

Developing a security awareness e-learning course.

Loading …