Which security concept provides redundancy in the event a security control failure or the exploitation of a vulnerability?
A. System Integrity.
B. Sandboxing.
C. Intrusion Prevention System.
D. Defence in depth.
Which of the following describes a qualitative risk assessment approach?
A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
B. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.
C. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
D. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.
Which of the following compliance legal requirements are covered by the ISO/IEC 27000 series?
1. Intellectual Property Rights.
2. Protection of Organisational Records.
3. Forensic recovery of data.
4. Data Deduplication.
5. Data Protection and Privacy.
A. 1, 2 and 3
B. 3, 4 and 5
C. 2, 3 and 4
D. 1, 2 and 5
Why have MOST European countries developed specific legislation that permits police and security services to monitor communications traffic for specific purposes, such as the detection of crime?
A. Under the European Convention of Human Rights, the interception of telecommunications represents an interference with the right to privacy.
B. GDPR overrides all previous legislation on information handling, so new laws were needed to ensure authorities did not inadvertently break the law.
C. Police could previously intercept without lawful authority any communications in the course of transmission through a public post or telecoms system.
D. Surveillance of a conversation or an online message by law enforcement agents was previously illegal due to the 1950 version of the Human Rights Convention.
Which of the following is often the final stage in the information management lifecycle?
A. Disposal.
B. Creation.
C. Use.
D. Publication.
What term refers to the shared set of values within an organisation that determine how people are expected to behave in regard to information security?
A. Code of Ethics.
B. Security Culture.
C. System Operating Procedures.
D. Security Policy Framework.
How might the effectiveness of a security awareness program be effectively measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.
A. 3, 4 and 5.
B. 2, 4 and 5.
C. 1, 2 and 3.
D. 1, 2 and 5.
One traditional use of a SIEM appliance is to monitor for exceptions received via syslog. What system from the following does NOT natively support syslog events?
A. Enterprise Wireless Access Point.
B. Windows Desktop Systems.
C. Linux Web Server Appliances.
D. Enterprise Stateful Firewall.
Why should a loading bay NEVER be used as a staff entrance?
A. Loading bays are intrinsically vulnerable, so minimising the people traffic makes securing the areas easier and more effective.
B. Loading bays are often dirty places, and staff could find their clothing damaged or made less appropriate for the office.
C. Most countries have specific legislation covering loading bays and breaching this could impact on insurance status.
D. Staff should always enter a facility via a dedicated entrance to ensure smooth access and egress.
What term is used to describe the testing of a continuity plan through a written scenario being used as the basis for discussion and simulation?
A. End-to-end testing.
B. Non-dynamic modeling.
C. Desk-top exercise.
D. Fault stressing.