Which membership-based organisation produces international standards that cover good practice for information assurance?
A. BSI.
B. IETF.
C. OWASP.
D. ISF.
Which of the following statements relating to digital signatures is TRUE?
A. Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.
B. Digital signatures are valid and enforceable in law in most countries in the world.
C. Digital signatures are legal unless there is a statutory requirement that predates the digital age.
D. A digital signature that uses a signer's private key is illegal.
Why have MOST European countries developed specific legislation that permits police and security services to monitor communications traffic for specific purposes, such as the detection of crime?
A. Under the European Convention of Human Rights, the interception of telecommunications represents an interference with the right to privacy.
B. GDPR overrides all previous legislation on information handling, so new laws were needed to ensure authorities did not inadvertently break the law.
C. Police could previously intercept without lawful authority any communications in the course of transmission through a public post or telecoms system.
D. Surveillance of a conversation or an online message by law enforcement agents was previously illegal due to the 1950 version of the Human Rights Convention.
Which of the following compliance legal requirements are covered by the ISO/IEC 27000 series?
1. Intellectual Property Rights.
2. Protection of Organisational Records.
3. Forensic recovery of data.
4. Data Deduplication.
5. Data Protection and Privacy.
A. 1, 2 and 3
B. 3, 4 and 5
C. 2, 3 and 4
D. 1, 2 and 5
When handling and investigating digital evidence to be used in a criminal cybercrime investigation, which of the following principles is considered BEST practice?
A. Digital evidence must not be altered unless absolutely necessary.
B. Acquiring digital evidence can only be carried out on digital devices which have been turned off.
C. Digital evidence can only be handled by a member of law enforcement.
D. Digital devices must be forensically "clean" before investigation.
Why might the reporting of security incidents that involve personal data differ from other types of security incident?
A. Personal data is not highly transient so its investigation rarely involves the preservation of volatile memory and full forensic digital investigation.
B. Personal data is normally handled on both IT and non-IT systems so such incidents need to be managed in two streams.
C. Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.
D. Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation.
What form of risk assessment is MOST LIKELY to provide objective support for a security Return on Investment case?
A. ISO/IEC 27001.
B. Qualitative.
C. CPNI.
D. Quantitative.
In order to improve the security culture within an organisation with a top-down approach, which of the following actions at board level is the MOST effective?
A. Appointment of a Chief Information Security Officer (CISO).
B. Purchasing all senior executives personal firewalls.
C. Adopting an organisation wide "clear desk" policy.
D. Developing a security awareness e-learning course.
Which of the following is NOT a valid statement to include in an organisation's security policy?
A. The policy has the support of the Board and the Chief Executive.
B. The policy has been agreed and amended to suit all third party contractors.
C. How the organisation will manage information assurance.
D. The compliance with legal and regulatory obligations.
Which of the following statutory requirements are likely to be of relevance to all organisations no matter which sector or geographical location they operate in?
A. Sarbanes-Oxley.
B. GDPR.
C. HIPAA.
D. FSA.