CISMP-V9 BCS Exam Questions and Free Practice Test

When calculating the risk associated with a vulnerability being exploited, how is this risk calculated?

A. Risk = Likelihood * Impact.

B. Risk = Likelihood / Impact.

C. Risk = Vulnerability / Threat.

D. Risk = Threat * Likelihood.

Correct Answer:C

What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

A. Poor Password Management.

B. Insecure Deserialsiation.

C. Injection Flaws.

D. Security Misconfiguration

Correct Answer:C

When a digital forensics investigator is conducting art investigation and handling the original data, what KEY principle must they adhere to?

A. Ensure they are competent to be able to do so and be able to justify their actions.

B. Ensure they are being observed by a senior investigator in all actions.

C. Ensure they do not handle the evidence as that mustbe done by law enforcement officers.

D. Ensure the data has been adjusted to meet the investigation requirements.

Correct Answer:A

Which security concept provides redundancy in the event a security control failure or the exploitation of a vulnerability?

A. System Integrity.

B. Sandboxing.

C. Intrusion Prevention System.

D. Defence in depth.

Correct Answer:D
https://en.wikipedia.org/wiki/Defense_in_depth_(computing)

Which of the following is NOT a valid statement to include in an organisation's security policy?

A. The policy has the support of Board and the Chief Executive.

B. The policy has been agreed and amended to suit all third party contractors.

C. How the organisation will manage information assurance.

D. The compliance with legal and regulatory obligations.

Correct Answer:C

What type of attack could directly affect the confidentiality of an unencrypted VoIP network?

A. Packet Sniffing.

B. Brute Force Attack.

C. Ransomware.

D. Vishing Attack

Correct Answer:B

START CISMP-V9 EXAM