AAA Triad in Information Security - Answers Authentication, Accounting, Authorisation
Accountability - Answers Acknowledgement and acceptance of ownership of actions, decisions, policies and deliverables
Defence in depth - Answers Provides redundancy in the event of a security control failure or vulnerability
In security governance, which publication is at the highest level? - Answers Policy
What is considered the greatest risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions? - Answers Much larger attack surface than traditional IT systems
How is risk calculated? - Answers Risk = likelihood * impact
Key purpose of appending security classification labels to information? - Answers To provide guidance and instruction on implementing appropriate security controls to protect the information
What statutory requirement is relevant no matter which sector or geographical location someone is in? - Answers GDPR
To better improve security culture within an organisation with a top-down approach, what action is most effective? - Answers Adopting "clear desk" policy
What form of risk assessment is most likely to provide objective support for a security return on investment case? - Answers Quantitative
What is covered by ISO/IEC 27000 series? - Answers Forensic recovery of data, Data deduplication, data protection and privacy
What is not a form of computer misuse? - Answers Illegal retention of personal data
Which membership-based organisation produces international standards which cover good practice for information assurance? - Answers BSI
Which standards framework offers a set of IT Service Management best practices to assist organisations in aligning IT service delivery with business goals - including security goals? - Answers ITIL
Which security framework impacts on organisations that accept credit cards, process credit card transactions, store relevant data or transmit credit card data? - Answers PCI DSS
Which of the following international standards deals with the retention of records? - Answers ISO 15489
Once data has been created in a standard information lifecycle, what step TYPICALLY happens next? - Answers Data Storage