CISMP-V9 Online Practice Questions and Answers

Questions 4

Which of the following is LEAST LIKELY to be the result of a global pandemic impacting on information security?

A. A large increase in remote workers operating in insecure premises.

B. Additional physical security requirements at data centres and corporate headquarters.

C. Increased demand on service desks as users need additional tools such as VPNs.

D. An upsurge in activity by attackers seeking vulnerabilities caused by operational changes.

Questions 5

Which of the following is MOST LIKELY to be described as a consequential loss?

A. Reputation damage.

B. Monetary theft.

C. Service disruption.

D. Processing errors.

Questions 6

Which of the following statements relating to digital signatures is TRUE?

A. Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.

B. Digital signatures are valid and enforceable in law in most countries in the world.

C. Digital signatures are legal unless there is a statutory requirement that predates the digital age.

D. A digital signature that uses a signer's private key is illegal.

Questions 7

Which of the following is NOT considered to be a form of computer misuse?

A. Illegal retention of personal data.

B. Illegal interception of information.

C. Illegal access to computer systems.

D. Downloading of pirated software.

Questions 8

Which of the following international standards deals with the retention of records?

A. PCI DSS.

B. RFC1918.

C. ISO 15489.

D. ISO/IEC 27002.

Questions 9

Which of the following is often the final stage in the information management lifecycle?

A. Disposal.

B. Creation.

C. Use.

D. Publication.

Questions 10

Once data has been created in a standard information lifecycle, what step TYPICALLY happens next?

A. Data Deletion.

B. Data Archiving.

C. Data Storage.

D. Data Publication.

Questions 11

Which of the following acronyms covers the real-time analysis of security alerts generated by applications and network hardware?

A. CERT.

B. SIEM.

C. CISM.

D. DDoS.

Questions 12

A system administrator has created the following "array" as an access control for an organisation.

Developers: create files, update files.

Reviewers: upload files, update files.

Administrators: upload files, delete files, update files.

What type of access control has just been created?

A. Task based access control.

B. Role based access control.

C. Rule based access control.

D. Mandatory access control.

Questions 13

How does the use of a "single sign-on" access control policy improve the security for an organisation implementing the policy?

A. Password is better encrypted for system authentication.

B. Access control logs are centrally located.

C. Helps reduce the likelihood of users writing down passwords.

D. Decreases the complexity of passwords users have to remember.

Questions 14

What advantage does the delivery of online security training material have over the distribution of printed media?

A. Updating online material requires a single edit. Printed material needs to be distributed physically.

B. Online training material is intrinsically more accurate than printed material.

C. Printed material is a 'discoverable record' and could expose the organisation to litigation in the event of an incident.

D. Online material is protected by international digital copyright legislation across most territories.

Questions 15

Which of the following is NOT a usual way for attackers to leverage botnets?

A. Generating and distributing spam messages.

B. Conducting DDoS attacks.

C. Scanning for system and application vulnerabilities.

D. Undertaking vishing attacks.

Questions 16

What is the first yet MOST simple and important action to take when setting up a new web server?

A. Change default system passwords.

B. Fully encrypt the hard disk.

C. Apply hardening to all applications.

D. Patch the OS to the latest version.

Questions 17

One traditional use of a SIEM appliance is to monitor for exceptions received via syslog. What system from the following does NOT natively support syslog events?

A. Enterprise Wireless Access Point.

B. Windows Desktop Systems.

C. Linux Web Server Appliances.

D. Enterprise Stateful Firewall.

Questions 18

Which of the following is an asymmetric encryption algorithm?

A. DES.

B. AES.

C. ATM.

D. RSA.

Exam Code: CISMP-V9
Exam Name: BCS Foundation Certificate in Information Security Management Principles V9.0
Last Update: Apr 27, 2024
Questions: 100 Q&As
