A security analyst has been asked to provide a triple-A (AAA) service for both wireless and remote access
network services in an organisation and must avoid using proprietary solutions.
What technology SHOULD they adopt?
A. TACACS+.
B. RADIUS.
C. OAuth.
D. MS Access Database.

A penetration tester undertaking a port scan of a client's network discovers a host which responds to
requests on TCP ports 22, 80, 443, 3306 and 8080.
What type of device has MOST LIKELY been discovered?
A. File server.
B. Printer.
C. Firewall.
D. Web server.

Which cryptographic protocol preceded Transport Layer Security (TLS)?
A. Public Key Infrastructure (PKI).
B. Simple Network Management Protocol (SNMP).
C. Secure Sockets Layer (SSL).
D. Hypertext Transfer Protocol Secure (HTTPS).

Why is it prudent for Third Parties to be contracted to meet specific security standards?
A. Vulnerabilities in Third Party networks can be malevolently leveraged to gain illicit access into client environments.
B. It is a legal requirement for Third Party support companies to meet client security standards.
C. All access to corporate systems must be controlled via a single set of rules if they are to be enforceable.
D. Third Parties cannot connect to other sites and networks without a contract or similar legal agreement.

When securing a wireless network, which of the following is NOT best practice?
A. Using WPA encryption on the wireless network.
B. Using MAC filtering on a SOHO network with a small group of clients.
C. Dedicating an access point on a dedicated VLAN connected to a firewall.
D. Turning on SSID broadcasts to advertise security levels.

What type of web application vulnerability continues to be the MOST prolific according to the OWASP Top 10?
A. Poor Password Management.
B. Insecure Deserialisation.
C. Injection Flaws.
D. Security Misconfiguration.

In software engineering, what does 'Security by Design' mean?
A. Low Level and High Level Security Designs are restricted in distribution.
B. All security software artefacts are subject to a code-checking regime.
C. The software has been designed from its inception to be secure.
D. All code meets the technical requirements of GDPR.

What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them into taking an unwanted action, such as a misdirected high-value payment?
A. Whaling.
B. Spear-phishing.
C. C-suite spamming.
D. Trawling.

What type of attack attempts to exploit the trust relationship between a user's client-based browser and server-based websites, forcing the submission of an authenticated request to a third-party site?
A. XSS.
B. Parameter Tampering.
C. SQL Injection.
D. CSRF.

Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?
A. Professional qualification bodies demand CPD.
B. Information Security changes constantly and at speed.
C. IT certifications require CPD and Security needs to remain credible.
D. CPD is a prerequisite of any Chartered Institution qualification.