Latest CISMP-V9 Pass Guaranteed Exam Dumps Certification Sample Questions [Q10-Q29]


NEW QUESTION 10
How does the use of a "single sign-on" access control policy improve the security for an organisation implementing the policy?

  • A. Helps prevent the likelihood of users writing down passwords.
  • B. Decreases the complexity of passwords users have to remember.
  • C. Access control logs are centrally located.
  • D. Password is better encrypted for system authentication.

Answer: C

NEW QUESTION 11
Which of the following describes a qualitative risk assessment approach?

  • A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
  • B. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
  • C. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.
  • D. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.

Answer: B

NEW QUESTION 12
Which algorithm is a current specification for the encryption of electronic data established by NIST?

  • A. DES.
  • B. RSA.
  • C. AES.
  • D. PGP.
    https://www.nist.gov/publications/advanced-encryption-standard-aes

Answer: C

NEW QUESTION 13
Which of the following is LEAST LIKELY to be the result of a global pandemic impacting on information security?

  • A. A large increase in remote workers operating in insecure premises.
  • B. Increased demand on service desks as users need additional tools such as VPNs.
  • C. Additional physical security requirements at data centres and corporate headquarters.
  • D. An upsurge in activity by attackers seeking vulnerabilities caused by operational changes.

Answer: B

NEW QUESTION 14
Which of the following is NOT a valid statement to include in an organisation's security policy?

  • A. The policy has the support of the Board and the Chief Executive.
  • B. The compliance with legal and regulatory obligations.
  • C. How the organisation will manage information assurance.
  • D. The policy has been agreed and amended to suit all third party contractors.

Answer: C

NEW QUESTION 15
What physical security control would be used to broadcast false emanations to mask the presence of true electromagnetic emanations from genuine computing equipment?

  • A. Faraday cage.
  • B. White noise generation.
  • C. Unshielded cabling.
  • D. Copper infused windows.

Answer: C

NEW QUESTION 16
Which of the following types of organisation could be considered the MOST at risk from the theft of electronic credit card data?

  • A. Agricultural producer.
  • B. Traditional market trader.
  • C. Online retailer.
  • D. Mail delivery business.

Answer: C

NEW QUESTION 17
For which security-related reason SHOULD staff monitoring critical CCTV systems be rotated regularly during each work session?

  • A. The human attention span during intense monitoring sessions is about 20 minutes.
  • B. Health and Safety regulations demand that staff are rotated to prevent posture and vision related harm.
  • C. To give experience to monitoring staff across a range of activities for training purposes.
  • D. To reduce the chance of collusion between security staff and those being monitored.

Answer: A

NEW QUESTION 18
Which of the following is an accepted strategic option for dealing with risk?

  • A. Detection.
  • B. Correction.
  • C. Acceptance.
  • D. Forbearance.

Answer: B

NEW QUESTION 19
Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?

  • A. Strong OS patch management.
  • B. Vulnerability assessment.
  • C. Signature-based intrusion detection.
  • D. Anomaly based intrusion detection.
    https://www.sciencedirect.com/topics/computer-science/zero-day-attack

Answer: B

NEW QUESTION 20
When calculating the risk associated with a vulnerability being exploited, how is this risk calculated?

  • A. Risk = Likelihood / Impact.
  • B. Risk = Likelihood * Impact.
  • C. Risk = Threat * Likelihood.
  • D. Risk = Vulnerability / Threat.

Answer: D

NEW QUESTION 21
What is the first, yet MOST simple and important, action to take when setting up a new web server?

  • A. Apply hardening to all applications.
  • B. Patch the OS to the latest version.
  • C. Change default system passwords.
  • D. Fully encrypt the hard disk.

Answer: A

NEW QUESTION 22
Which membership-based organisation produces international standards which cover good practice for information assurance?

  • A. IETF.
  • B. OWASP.
  • C. ISF.
  • D. BSI.

Answer: D

NEW QUESTION 23
How does network visualisation assist in managing information security?

  • A. Visualisation offers unstructured data that records the entirety of the data in a flat, filterable file format.
  • B. Visualisation software operates in a way that is rare, and thereby it is less prone to malware infection.
  • C. Visualisation provides structured tables and lists that can be analysed using common tools such as MS Excel.
  • D. Visualisation can communicate large amounts of data in a manner that is a relatively simple way for people to analyse and interpret.

Answer: B

NEW QUESTION 24
Why should a loading bay NEVER be used as a staff entrance?

  • A. Staff should always enter a facility via a dedicated entrance to ensure smooth access and egress.
  • B. Loading bays are intrinsically vulnerable, so minimising the people traffic makes securing the areas easier and more effective.
  • C. Most countries have specific legislation covering loading bays and breaching this could impact on insurance status.
  • D. Loading bays are often dirty places, and staff could find their clothing damaged or made less appropriate for the office.

Answer: A

NEW QUESTION 25
A penetration tester undertaking a port scan of a client's network discovers a host which responds to requests on TCP ports 22, 80, 443, 3306 and 8080.
What type of device has MOST LIKELY been discovered?

  • A. File server.
  • B. Firewall.
  • C. Printer.
  • D. Web server.

Answer: A

NEW QUESTION 26
What term is used to describe the testing of a continuity plan through a written scenario being used as the basis for discussion and simulation?

  • A. Fault stressing.
  • B. Non-dynamic modelling.
  • C. Desk-top exercise.
  • D. End-to-end testing.

Answer: C

NEW QUESTION 27
Which type of facility is enabled by a contract with an alternative data processing facility which will provide HVAC, power and communications infrastructure, as well as computing hardware and a duplicate of the organisation's existing "live" data?

  • A. Warm site.
  • B. Spare site.
  • C. Cold site.
  • D. Hot site.

Answer: C

NEW QUESTION 28
Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

  • A. CPD is a prerequisite of any Chartered Institution qualification.
  • B. Information Security changes constantly and at speed.
  • C. Professional qualification bodies demand CPD.
  • D. IT certifications require CPD and Security needs to remain credible.

Answer: B

NEW QUESTION 29
......