Free BCS CISMP-V9 Test Practice Test Questions Exam Dumps [Q40-Q63]

NO.40 When a digital forensics investigator is conducting art investigation and handling the original data, what KEY principle must they adhere to?

NO.41 Which of the following is NOT an accepted classification of security controls?

NO.42 Which term describes a vulnerability that is unknown and therefore has no mitigating control which is immediately and generally available?

NO.43 What form of risk assessment is MOST LIKELY to provide objective support for a security Return on Investment case?

NO.44 Which of the following is a framework and methodology for Enterprise Security Architecture and Service Management?

NO.45 Ensuring the correctness of data inputted to a system is an example of which facet of information security?

NO.46 What Is the KEY purpose of appending security classification labels to information?

NO.47 For which security-related reason SHOULD staff monitoring critical CCTV systems be rotated regularly during each work session?

NO.48 One traditional use of a SIEM appliance is to monitor for exceptions received via syslog.
What system from the following does NOT natively support syslog events?

NO.49 Which of the following is MOST LIKELY to be described as a consequential loss?

NO.50 When an organisation decides to operate on the public cloud, what does it lose?

NO.51 Why should a loading bay NEVER be used as a staff entrance?

NO.52 In order to better improve the security culture within an organisation with a top down approach, which of the following actions at board level is the MOST effective?

NO.53 When seeking third party digital forensics services, what two attributes should one seek when making a choice of service provider?

NO.54 Which cryptographic protocol preceded Transport Layer Security (TLS)?

NO.55 What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

NO.56 When considering outsourcing the processing of data, which two legal “duty of care” considerations SHOULD the original data owner make?
1 Third party is competent to process the data securely.
2. Observes the same high standards as data owner.
3. Processes the data wherever the data can be transferred.
4. Archive the data for long term third party’s own usage.

NO.57 James is working with a software programme that completely obfuscates the entire source code, often in the form of a binary executable making it difficult to inspect, manipulate or reverse engineer the original source code.
What type of software programme is this?

NO.58 Which of the following types of organisation could be considered the MOST at risk from the theft of electronic based credit card data?

NO.59 Why have MOST European countries developed specific legislation that permits police and security services to monitor communications traffic for specific purposes, such as the detection of crime?

NO.60 Which types of organisations are likely to be the target of DDoS attacks?

NO.61 The policies, processes, practices, and tools used to align the business value of information with the most appropriate and cost-effective infrastructure from the time information is conceived through its final disposition.
Which of the below business practices does this statement define?

NO.62 Which standard deals with the implementation of business continuity?

NO.63 Which membership based organisation produces international standards, which cover good practice for information assurance?