When considering the disposal of confidential data, equipment and storage devices, what social engineering technique SHOULD always be taken into consideration?
A. Spear Phishing.
B. Shoulder Surfing.
C. Dumpster Diving.
D. Tailgating.
What term is used to describe the testing of a continuity plan through a written scenario being used as the basis for discussion and simulation?
A. End-to-end testing.
B. Non-dynamic modeling.
C. Desk-top exercise.
D. Fault stressing.
What physical security control would be used to broadcast false emanations to mask the presence of true electromagnetic emanations from genuine computing equipment?
A. Faraday cage.
B. Unshielded cabling.
C. Copper infused windows.
D. White noise generation.
Why should a loading bay NEVER be used as a staff entrance?
A. Loading bays are intrinsically vulnerable, so minimising the people traffic makes securing the areas easier and more effective.
B. Loading bays are often dirty places, and staff could find their clothing damaged or made less appropriate for the office.
C. Most countries have specific legislation covering loading bays and breaching this could impact on insurance status.
D. Staff should always enter a facility via a dedicated entrance to ensure smooth access and egress.
For which security-related reason SHOULD staff monitoring critical CCTV systems be rotated regularly during each work session?
A. To reduce the chance of collusion between security staff and those being monitored.
B. To give experience to monitoring staff across a range of activities for training purposes.
C. Health and Safety regulations demand that staff are rotated to prevent posture and vision related harm.
D. The human attention span during intense monitoring sessions is about 20 minutes.
Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?
A. Strong OS patch management.
B. Vulnerability assessment.
C. Signature-based intrusion detection.
D. Anomaly based intrusion detection.
Ensuring the correctness of data inputted to a system is an example of which facet of information security?
A. Confidentiality.
B. Integrity.
C. Availability.
D. Authenticity.
How does network visualisation assist in managing information security?
A. Visualisation can communicate large amounts of data in a way that is relatively simple for people to analyse and interpret.
B. Visualisation provides structured tables and lists that can be analysed using common tools such as MS Excel.
C. Visualisation offers unstructured data that records the entirety of the data in a flat, filterable file format.
D. Visualisation software operates in a way that is rarely and thereby it is less prone to malware infection.
What type of diagram used in application threat modeling includes malicious users as well as descriptions like mitigates and threatens?
A. Threat trees.
B. STRIDE charts.
C. Misuse case diagrams.
D. DREAD diagrams.
Which of the following subjects is UNLIKELY to form part of a cloud service provision IaaS contract?
A. User security education.
B. Intellectual Property Rights.
C. End-of-service.
D. Liability.