100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
BCS CISMP UPDATED Exam Questions and CORRECT Answers $9.99   Add to cart

Exam (elaborations)

BCS CISMP UPDATED Exam Questions and CORRECT Answers

 7 views  0 purchase
  • Course
  • CISMP
  • Institution
  • CISMP

BCS CISMP UPDATED Exam Questions and CORRECT Answers Which of the following doesn't apply to risk? a) Risk is the effect of uncertainty on objectives b) When assessing risk you should take into account the consequence and likelihood of security incidents c) Risk is the possibility that a thr...

[Show more]

Preview 3 out of 19  pages

  • August 7, 2024
  • 19
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CISMP
  • CISMP
avatar-seller
MGRADES
BCS CISMP UPDATED Exam Questions
and CORRECT Answers

Which of the following doesn't apply to risk?


a) Risk is the effect of uncertainty on objectives
b) When assessing risk you should take into account the consequence and likelihood of
security incidents
c) Risk is the possibility that a threat actor will exploit a vulnerability to create a security
incident
d) In order to assess risk you will need an understanding of your organisation's assets and its
vulnerabilities, as well as the threats, both internal and external, that it faces - CORRECT
ANSWER- C


Which of the following is true?


a) An unpatched web server is a threat
b) An unencrypted corporate wireless LAN is a threat
c) Both of the above
d) None of the above - CORRECT ANSWER- D


Which of the following is not a vulnerability?


a) A misconfigured firewall
b) A script kiddie
c) Both of the above
d) None of the above - CORRECT ANSWER- B


ISMS stands for...


a) Integrated Security Management System

,b) Information System Managed Security
c) Information Security Management System
d) Integrated System for Managed Security - CORRECT ANSWER- C


When accessing an IT system, the order of events is...


a) Authentication, Identification, Authorisation
b) Identification, Authorisation, Authentication
c) Authorisation, Identification, Authentication
d) None of the above - CORRECT ANSWER- D


According to NIST definitions, which of the following is not an essential characteristic of
cloud computing?


a) Access through value-added networks using proprietary protocols
b) Rapid elasticity
c) Location-independent resource pooling
d) On-demand self-service - CORRECT ANSWER- A


A web service available to the public has been compromised. The hackers were able to copy
passwords and modify them. Which information security principles will have been violated
by the breach?


a) Confidentiality and integrity only
b) Integrity and availability only
c) Availability and confidentiality only
d) Confidentiality, integrity and availability - CORRECT ANSWER- D


When considering the deployment of a new information system, which of the following is
correct?


a) The system should be accredited before being certified

, b) Certification is a formal assessment of the information system against information
assurance requirements, resulting in the acceptance of residual risk in the context of business
requirements and formal approval by management
c) Accreditation is a comprehensive assessment of the system's security controls to determine
whether they meet the security requirements of the system
d) The system should be certified before being accredited - CORRECT ANSWER- D


When valuing an asset, what should you take into consideration? Select the best answer.


a) Its replacement cost
b) Lost revenue while the asset is unavailable
c) Lost business owing to repetitional damage
d) All of the above - CORRECT ANSWER- D


Which of the following is a tangible asset?


a) Brand image
b) A data record stored on a hard drive
c) Reputation
d) None of the above - CORRECT ANSWER- B


Which of the following lists UK Government data classifications (in decreasing order of
sensitivity and criticality)?


a) TOP SECRET, SECRET, OFFICIAL, PUBLIC
b) SECRET, OFFICIAL-SENSITIVE, UNCLASSIFIED
c) TOP SECRET, SECRET, OFFICIAL
d) TOP SECRET, SECRET, OFFICIAL-SENSITIVE, PUBLIC - CORRECT ANSWER- C


In the ISO 27005 framework, which of the following is not true?


a) In the risk evaluation phase, a value is assigned to risk

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller MGRADES. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $9.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67096 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$9.99
  • (0)
  Add to cart