CISMP-V9試験無料問題集（102題）「BCS Foundation Certificate in Information Security Management Principles V9.0 認定」

出題：1

What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them Into taking an unwanted action such as a misdirected high-value payment?

A. C-suite spamming.

B. Whaling.

C. Trawling.

D. Spear-phishing.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which of the following is considered to be the GREATEST risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions?

A. Use of cloud based systems to collect loT data.

B. Use of proprietary networking protocols between nodes.

C. Use of 'cheap" microcontroller based sensors.

D. Much larger attack surface than traditional IT systems.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Select the document that is MOST LIKELY to contain direction covering the security and utilisation of all an organisation's information and IT equipment, as well as email, internet and telephony.

A. Cryptographic Statement.

B. Security Policy Framework.

C. Business Continuity Plan.

D. Acceptable Usage Policy.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which of the following is an asymmetric encryption algorithm?

A. DES.

B. RSA.

C. ATM.

D. AES.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which of the following is NOT an information security specific vulnerability?

A. Use of HTTP based Apache web server.

B. Use of an unlocked filing cabinet.

C. Unpatched Windows operating system.

D. Confidential data stored in a fire safe.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which algorithm is a current specification for the encryption of electronic data established by NIST?

A. PGP.

B. DES.

C. RSA.

D. AES.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which of the following compliance legal requirements are covered by the ISO/IEC 27000 series?
1. Intellectual Property Rights.
2. Protection of Organisational Records
3. Forensic recovery of data.
4. Data Deduplication.
5. Data Protection & Privacy.

A. 3, 4 and 5

B. 1, 2 and 5

C. 2, 3 and 4

D. 1, 2 and 3

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

What does a penetration test do that a Vulnerability Scan does NOT?

A. A penetration test never uses common tools such as Nrnap, Nessus and Metasploit.

B. A penetration test looks for known vulnerabilities and reports them without further action.

C. A penetration test is always an automated process - a vulnerability scan never is.

D. A penetration test seeks to actively exploit any known or discovered vulnerabilities.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Once data has been created In a standard information lifecycle, what step TYPICALLY happens next?

A. Data Publication

B. Data Storage.

C. Data Deletion.

D. Data Archiving.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

One traditional use of a SIEM appliance is to monitor for exceptions received via syslog.
What system from the following does NOT natively support syslog events?

A. Enterprise Wireless Access Point.

B. Linux Web Server Appliances.

C. Windows Desktop Systems.

D. Enterprise Stateful Firewall.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

CISMP-V9試験無料問題集「BCS Foundation Certificate in Information Security Management Principles V9.0 認定」