Exam Details

  • Exam Code: CISMP-V9
  • Exam Name: BCS Foundation Certificate in Information Security Management Principles V9.0
  • Certification: BCS Certifications
  • Vendor: BCS
  • Total Questions: 100 Q&As
  • Last Updated: Jul 14, 2025

BCS BCS Certifications CISMP-V9 Questions & Answers

  • Question 81:

    Which of the following is an accepted strategic option for dealing with risk?

    A. Correction.

    B. Detection.

    C. Forbearance.

    D. Acceptance.

  • Question 82:

    What is the KEY purpose of appending security classification labels to information?

    A. To provide guidance and instruction on implementing appropriate security controls to protect the information.

    B. To comply with whatever mandatory security policy framework is in place within the geographical location in question.

    C. To ensure that should the information be lost in transit, it can be returned to the originator using the correct protocols.

    D. To make sure the correct colour-coding system is used when the information is ready for archive.

  • Question 83:

    When calculating the risk associated with a vulnerability being exploited, how is this risk calculated?

    A. Risk = Likelihood * Impact.

    B. Risk = Likelihood / Impact.

    C. Risk = Vulnerability / Threat.

    D. Risk = Threat * Likelihood.

  • Question 84:

    You are undertaking a qualitative risk assessment of a likely security threat to an information system. What is the MAIN issue with this type of risk assessment?

    A. These risk assessments are largely subjective and require agreement on rankings beforehand.

    B. Dealing with statistical and other numeric data can often be hard to interpret.

    C. There needs to be a large amount of previous data to "train" a qualitative risk methodology.

    D. It requires the use of complex software tools to undertake this risk assessment.

  • Question 85:

    Which of the following describes a qualitative risk assessment approach?

    A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.

    B. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.

    C. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.

    D. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.

  • Question 86:

    What is the PRIMARY security concern associated with the practice known as Bring Your Own Device (BYOD) that might affect a large organisation?

    A. Most BYOD involves the use of non-Windows hardware which is intrinsically insecure and open to abuse.

    B. The organisation has significantly less control over the device than over a corporately provided and managed device.

    C. Privately owned end user devices are not provided with the same volume nor frequency of security patch updates as a corporation.

    D. Under GDPR it is illegal for an individual to use a personal device when handling personal information under corporate control.

  • Question 87:

    Which of the following is NOT an information security specific vulnerability?

    A. Use of HTTP based Apache web server.

    B. Unpatched Windows operating system.

    C. Confidential data stored in a fire safe.

    D. Use of an unlocked filing cabinet.

  • Question 88:

    Which of the following is MOST LIKELY to be described as a consequential loss?

    A. Reputation damage.

    B. Monetary theft.

    C. Service disruption.

    D. Processing errors.

  • Question 89:

    Which of the following is considered to be the GREATEST risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions?

    A. Use of 'cheap' microcontroller based sensors.

    B. Much larger attack surface than traditional IT systems.

    C. Use of proprietary networking protocols between nodes.

    D. Use of cloud based systems to collect IoT data.

  • Question 90:

    In order to maintain the currency of risk countermeasures, how often SHOULD an organisation review these risks?

    A. Once defined, they do not need reviewing.

    B. A maximum of once every other month.

    C. When the next risk audit is due.

    D. Risks remain under constant review.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only BCS exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CISMP-V9 exam preparation or your BCS certification application, do not hesitate to visit Vcedump.com to find your solutions.