BCS CISMP UPDATED Exam Questions and CORRECT Answers
7 keer bekeken 0 keer verkocht
Vak
CISMP
Instelling
CISMP
BCS CISMP UPDATED Exam Questions
and CORRECT Answers
Which of the following doesn't apply to risk?
a) Risk is the effect of uncertainty on objectives
b) When assessing risk you should take into account the consequence and likelihood of
security incidents
c) Risk is the possibility that a thr...
BCS CISMP UPDATED Exam Questions
and CORRECT Answers
Which of the following doesn't apply to risk?
a) Risk is the effect of uncertainty on objectives
b) When assessing risk you should take into account the consequence and likelihood of
security incidents
c) Risk is the possibility that a threat actor will exploit a vulnerability to create a security
incident
d) In order to assess risk you will need an understanding of your organisation's assets and its
vulnerabilities, as well as the threats, both internal and external, that it faces - CORRECT
ANSWER- C
Which of the following is true?
a) An unpatched web server is a threat
b) An unencrypted corporate wireless LAN is a threat
c) Both of the above
d) None of the above - CORRECT ANSWER- D
Which of the following is not a vulnerability?
a) A misconfigured firewall
b) A script kiddie
c) Both of the above
d) None of the above - CORRECT ANSWER- B
ISMS stands for...
a) Integrated Security Management System
,b) Information System Managed Security
c) Information Security Management System
d) Integrated System for Managed Security - CORRECT ANSWER- C
When accessing an IT system, the order of events is...
a) Authentication, Identification, Authorisation
b) Identification, Authorisation, Authentication
c) Authorisation, Identification, Authentication
d) None of the above - CORRECT ANSWER- D
According to NIST definitions, which of the following is not an essential characteristic of
cloud computing?
a) Access through value-added networks using proprietary protocols
b) Rapid elasticity
c) Location-independent resource pooling
d) On-demand self-service - CORRECT ANSWER- A
A web service available to the public has been compromised. The hackers were able to copy
passwords and modify them. Which information security principles will have been violated
by the breach?
a) Confidentiality and integrity only
b) Integrity and availability only
c) Availability and confidentiality only
d) Confidentiality, integrity and availability - CORRECT ANSWER- D
When considering the deployment of a new information system, which of the following is
correct?
a) The system should be accredited before being certified
, b) Certification is a formal assessment of the information system against information
assurance requirements, resulting in the acceptance of residual risk in the context of business
requirements and formal approval by management
c) Accreditation is a comprehensive assessment of the system's security controls to determine
whether they meet the security requirements of the system
d) The system should be certified before being accredited - CORRECT ANSWER- D
When valuing an asset, what should you take into consideration? Select the best answer.
a) Its replacement cost
b) Lost revenue while the asset is unavailable
c) Lost business owing to repetitional damage
d) All of the above - CORRECT ANSWER- D
Which of the following is a tangible asset?
a) Brand image
b) A data record stored on a hard drive
c) Reputation
d) None of the above - CORRECT ANSWER- B
Which of the following lists UK Government data classifications (in decreasing order of
sensitivity and criticality)?
a) TOP SECRET, SECRET, OFFICIAL, PUBLIC
b) SECRET, OFFICIAL-SENSITIVE, UNCLASSIFIED
c) TOP SECRET, SECRET, OFFICIAL
d) TOP SECRET, SECRET, OFFICIAL-SENSITIVE, PUBLIC - CORRECT ANSWER- C
In the ISO 27005 framework, which of the following is not true?
a) In the risk evaluation phase, a value is assigned to risk
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper MGRADES. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €9,82. Je zit daarna nergens aan vast.