CISMP-V9試験無料問題集（102題）「BCS Foundation Certificate in Information Security Management Principles V9.0 認定」

出題：1

In order to maintain the currency of risk countermeasures, how often SHOULD an organisation review these risks?

A. A maximum of once every other month.

B. When the next risk audit is due.

C. Risks remain under constant review.

D. Once defined, they do not need reviewing.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Select the document that is MOST LIKELY to contain direction covering the security and utilisation of all an organisation's information and IT equipment, as well as email, internet and telephony.

A. Cryptographic Statement.

B. Security Policy Framework.

C. Business Continuity Plan.

D. Acceptable Usage Policy.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

What does a penetration test do that a Vulnerability Scan does NOT?

A. A penetration test never uses common tools such as Nrnap, Nessus and Metasploit.

B. A penetration test looks for known vulnerabilities and reports them without further action.

C. A penetration test is always an automated process - a vulnerability scan never is.

D. A penetration test seeks to actively exploit any known or discovered vulnerabilities.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

When seeking third party digital forensics services, what two attributes should one seek when making a choice of service provider?

A. Appropriate company accreditation and staff certification.

B. Affiliation with local law enforcement bodies and local government regulations.

C. Formal certification to ISO/IEC 27001 and alignment with ISO 17025.

D. Clean credit references as well as international experience.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

What type of attack could directly affect the confidentiality of an unencrypted VoIP network?

A. Brute Force Attack.

B. Vishing Attack

C. Ransomware.

D. Packet Sniffing.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which cryptographic protocol preceded Transport Layer Security (TLS)?

A. Simple Network Management Protocol (SNMP).

B. Hypertext Transfer Protocol Secure (HTTPS)

C. Public Key Infrastructure (PKI).

D. Secure Sockets Layer (SSL).

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What advantage does the delivery of online security training material have over the distribution of printed media?

A. Printed material is a 'discoverable record' and could expose the organisation to litigation in the event of an incident.

B. Online training material is intrinsically more accurate than printed material.

C. Updating online material requires a single edit. Printed material needs to be distributed physically.

D. Online material is protected by international digital copyright legislation across most territories.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

When considering the disposal of confidential data, equipment and storage devices, what social engineering technique SHOULD always be taken into consideration?

A. Spear Phishing.

B. Dumpster Diving.

C. Tailgating.

D. Shoulder Surfing.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which term describes a vulnerability that is unknown and therefore has no mitigating control which is immediately and generally available?

A. Advanced Persistent Threat.

B. Zero-day.

C. Trojan.

D. Stealthware.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?

A. Vulnerability assessment

B. Anomaly based intrusion detection.

C. Signature-based intrusion detection.

D. Strong OS patch management

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

CISMP-V9試験無料問題集「BCS Foundation Certificate in Information Security Management Principles V9.0 認定」