Computer terminals in a stock, shares and bonds dealing room are set
up to allow quick acceptance of trades. Which of the following would
be the MOST sensible safeguard to limit loss through errors?
a) Thorough staff training in the need to be careful.
b) Separate authorisation of all trades.
c) Confirmation of all trades before committing.
d) Confirmation of trades which are over a set value. - ANSWERS-D
Penetration testing is used primarily...
a) By hackers.
b) To test physical security.
c) By computer operators.
d) By security specialists. - ANSWERS-D
A trapdoor is...
a) A structured programming technique.
b) A generally unknown exit out of or entry into a program.
c) A network programming technique.
d) A programming technique used in real-time systems. - ANSWERS-B
What physical control system should be considered to prevent
unauthorised access, damage and interference to IT services?
a) Closed Circuit TV cameras and alarm systems.
b) Defined security procedures.
c) A gate access control system requiring a security token.
d) A physical security policy. - ANSWERS-C
An example of a record of Information Security Management System
operation is...
a) A clear desk policy.
b) A formal disciplinary process.
c) Business continuity plan test results.
d) The procedure for technical conformity checking. - ANSWERS-C
For remote access into a company server containing personal
information, the one thing all solutions will have in common is...
a) A virtual private network (VPN).
b) Strong authentication.
c) Encryption.
d) An approved gateway. - ANSWERS-D
When setting up a contract with a supplier for hosting cloud services,
which of the following safeguards is most important?
1) The ability to recover all information from the cloud if the contract
is terminated.
2) The confidentiality and integrity of downloading information from
the cloud.
3) The make of hardware used by the hosting supplier.
4) The service level requirement for availability of the information.
a) 1, 2 and 4 only.
b) 2 and 3 only.
c) 1 and 4 only.
d) 1, 3 and 4 only. - ANSWERS-A
Which of the following doesn't apply to risk?
a) Risk is the effect of uncertainty on objectives
b) When assessing risk you should take into account the consequence
and likelihood of security incidents
c) Risk is the possibility that a threat actor will exploit a vulnerability
to create a security incident