Which of the following is NOT an accepted classification of security controls?
A. Nominative.
B. Preventive.
C. Detective.
D. Corrective.
In a security governance framework, which of the following publications would be at the HIGHEST level?
A. Procedures.
B. Standards.
C. Policy.
D. Guidelines.
Which of the following describes a qualitative risk assessment approach?
A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
B. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.
C. The use of Monte Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
D. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.
What is the KEY purpose of appending security classification labels to information?
A. To provide guidance and instruction on implementing appropriate security controls to protect the information.
B. To comply with whatever mandatory security policy framework is in place within the geographical location in question.
C. To ensure that should the information be lost in transit, it can be returned to the originator using the correct protocols.
D. To make sure the correct colour-coding system is used when the information is ready for archive.
Which of the following compliance legal requirements are covered by the ISO/IEC 27000 series?
1. Intellectual Property Rights.
2. Protection of Organisational Records.
3. Forensic recovery of data.
4. Data Deduplication.
5. Data Protection and Privacy.
A. 1, 2 and 3
B. 3, 4 and 5
C. 2, 3 and 4
D. 1, 2 and 5
Why have MOST European countries developed specific legislation that permits police and security services to monitor communications traffic for specific purposes, such as the detection of crime?
A. Under the European Convention of Human Rights, the interception of telecommunications represents an interference with the right to privacy.
B. GDPR overrides all previous legislation on information handling, so new laws were needed to ensure authorities did not inadvertently break the law.
C. Police could previously intercept without lawful authority any communications in the course of transmission through a public post or telecoms system.
D. Surveillance of a conversation or an online message by law enforcement agents was previously illegal due to the 1950 version of the Human Rights Convention.
Which term is used to describe the set of processes that analyses code to ensure defined coding practices are being followed?
A. Quality Assurance and Control
B. Dynamic verification.
C. Static verification.
D. Source code analysis.
Which of the following is NOT a usual way in which attackers leverage botnets?
A. Generating and distributing spam messages.
B. Conducting DDoS attacks.
C. Scanning for system and application vulnerabilities.
D. Undertaking vishing attacks.
When securing a wireless network, which of the following is NOT best practice?
A. Using WPA encryption on the wireless network.
B. Using MAC filtering on a SOHO network with a small group of clients.
C. Dedicating an access point on a dedicated VLAN connected to a firewall.
D. Turning on SSID broadcasts to advertise security levels.
Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?
A. Strong OS patch management.
B. Vulnerability assessment.
C. Signature-based intrusion detection.
D. Anomaly based intrusion detection.