
CISMP-V9 Online Practice Questions and Answers

Question 4

Which types of organisations are likely to be the target of DDoS attacks?

A. Cloud service providers.

B. Any financial sector organisations.

C. Online retail-based organisations.

D. Any organisation with an online presence.

Question 5

Which of the following describes a qualitative risk assessment approach?

A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.

B. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.

C. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.

D. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.

Question 6

Which of the following is an accepted strategic option for dealing with risk?

A. Correction.

B. Detection.

C. Forbearance.

D. Acceptance.

Question 7

Which of the following is NOT a valid statement to include in an organisation's security policy?

A. The policy has the support of the Board and the Chief Executive.

B. The policy has been agreed and amended to suit all third-party contractors.

C. How the organisation will manage information assurance.

D. The compliance with legal and regulatory obligations.

Question 8

To improve the security culture within an organisation using a top-down approach, which of the following actions at board level is the MOST effective?

A. Appointment of a Chief Information Security Officer (CISO).

B. Purchasing all senior executives' personal firewalls.

C. Adopting an organisation-wide "clear desk" policy.

D. Developing a security awareness e-learning course.

Question 9

What form of training SHOULD developers be undertaking to understand the security of the code they have written and how it can improve security defences whilst under attack?

A. Red Team Training.

B. Blue Team Training.

C. Black Hat Training.

D. Awareness Training.

Question 10

What type of attack attempts to exploit the trust relationship between a user's client-based browser and server-based websites, forcing the submission of an authenticated request to a third-party site?

A. XSS.

B. Parameter Tampering.

C. SQL Injection.

D. CSRF.

Question 11

A penetration tester undertaking a port scan of a client's network discovers a host which responds to requests on TCP ports 22, 80, 443, 3306 and 8080.

What type of device has MOST LIKELY been discovered?

A. File server.

B. Printer.

C. Firewall.

D. Web server.

Question 12

When an organisation decides to operate on the public cloud, what does it lose?

A. The right to audit and monitor access to its information.

B. Control over Intellectual Property Rights relating to its applications.

C. Physical access to the servers hosting its information.

D. The ability to determine in which geographies the information is stored.

Question 13

Which of the following is an asymmetric encryption algorithm?

A. DES.

B. AES.

C. ATM.

D. RSA.

Exam Code: CISMP-V9
Exam Name: BCS Foundation Certificate in Information Security Management Principles V9.0
Last Update: Apr 26, 2024
Questions: 100