Which of the following uses are NOT usual ways that attackers have of leveraging botnets?
A. Generating and distributing spam messages.
B. Conducting DDoS attacks.
C. Scanning for system and application vulnerabilities.
D. Undertaking vishing attacks
How might the effectiveness of a security awareness program be effectively measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.
A. 3, 4 and 5.
B. 2, 4 and 5.
C. 1, 2 and 3.
D. 1, 2 and 5.
What form of training SHOULD developers be undertaking to understand the security of the code they have written and how it can improve security defence whilst being attacked?
A. Red Team Training.
B. Blue Team Training.
C. Black Hat Training.
D. Awareness Training.
What advantage does the delivery of online security training material have over the distribution of printed media?
A. Updating online material requires a single edit. Printed material needs to be distributed physically.
B. Online training material is intrinsically more accurate than printed material.
C. Printed material is a 'discoverable record' and could expose the organisation to litigation in the event of an incident.
D. Online material is protected by international digital copyright legislation across most territories.
In terms of security culture, what needs to be carried out as an integral part of security by all members of an organisation and is an essential component to any security regime?
A. The 'need to know' principle.
B. Verification of visitor's ID
C. Appropriate behaviours.
D. Access denial measures
How does the use of a "single sign-on" access control policy improve the security for an organisation implementing the policy?
A. Password is better encrypted for system authentication.
B. Access control logs are centrally located.
C. Helps prevent the likelihood of users writing down passwords.
D. Decreases the complexity of passwords users have to remember.
A system administrator has created the following "array" as an access control for an organisation.
Developers: create files, update files.
Reviewers: upload files, update files.
Administrators: upload files, delete files, update files.
What type of access-control has just been created?
A. Task based access control.
B. Role based access control.
C. Rule based access control.
D. Mandatory access control.
As well as being permitted to access, create, modify and delete information, what right does an Information Owner NORMALLY have in regard to their information?
A. To assign access privileges to others.
B. To modify associated information that may lead to inappropriate disclosure.
C. To access information held in the same format and file structure.
D. To delete all indexed data in the dataset.
What term is used to describe the act of checking out a privileged account password in a manner that bypasses normal access controls procedures during a critical emergency situation?
A. Privileged User Gateway
B. Enterprise Security Management
C. Multi Factor Authentication.
D. Break Glass
What are the different methods that can be used as access controls?
1. Detective.
2. Physical.
3. Reactive.
4. Virtual.
5. Preventive.
A. 1, 2 and 4.
B. 1, 2 and 3.
C. 1, 2 and 5.
D. 3, 4 and 5.