What aspect of an employee's contract of employment is designed to prevent the unauthorised release of confidential data to third parties even after an employee has left their employment?
A. Segregation of Duties.
B. Non-disclosure.
C. Acceptable use policy.
D. Security clearance.
What term refers to the shared set of values within an organisation that determine how people are expected to behave in regard to information security?
A. Code of Ethics.
B. Security Culture.
C. System Operating Procedures.
D. Security Policy Framework.
Select the document that is MOST LIKELY to contain direction covering the security and utilisation of all an organisation's information and IT equipment, as well as email, internet and telephony.
A. Cryptographic Statement.
B. Security Policy Framework.
C. Acceptable Usage Policy.
D. Business Continuity Plan.
When considering outsourcing the processing of data, which two legal "duty of care" considerations SHOULD the original data owner make?
1. Third party is competent to process the data securely.
2. Observes the same high standards as data owner.
3. Processes the data wherever the data can be transferred.
4. Archive the data for long term third party's own usage.
A. 2 and 3.
B. 3 and 4.
C. 1 and 4.
D. 1 and 2.
What form of attack against an employee has the MOST impact on their compliance with the organisation's "code of conduct"?
A. Brute Force Attack.
B. Social Engineering.
C. Ransomware.
D. Denial of Service.
Which term is used to describe the set of processes that analyses code to ensure defined coding practices are being followed?
A. Quality Assurance and Control.
B. Dynamic verification.
C. Static verification.
D. Source code analysis.
James is working with a software programme that completely obfuscates the entire source code, often in the form of a binary executable making it difficult to inspect, manipulate or reverse engineer the original source code.
What type of software programme is this?
A. Free Source.
B. Proprietary Source.
C. Interpreted Source.
D. Open Source.
Which of the following testing methodologies TYPICALLY involves code analysis in an offline environment without ever actually executing the code?
A. Dynamic Testing.
B. Static Testing.
C. User Testing.
D. Penetration Testing.
Which of the following acronyms covers the real-time analysis of security alerts generated by applications and network hardware?
A. CERT.
B. SIEM.
C. CISM.
D. DDoS.
What does a penetration test do that a Vulnerability Scan does NOT?
A. A penetration test seeks to actively exploit any known or discovered vulnerabilities.
B. A penetration test looks for known vulnerabilities and reports them without further action.
C. A penetration test is always an automated process - a vulnerability scan never is.
D. A penetration test never uses common tools such as Nmap, Nessus and Metasploit.