
Updated Dec-2021 CISMP-V9 Exam Practice Test Questions [Q14-Q39]


NEW QUESTION 14
Which of the following is often the final stage in the information management lifecycle?

  • A. Use.
  • B. Disposal.
  • C. Publication.
  • D. Creation.

Answer: B

https://timg.co.nz/blog-the-information-management-life-cycle/

NEW QUESTION 15
Which of the following subjects is UNLIKELY to form part of a cloud service provision IaaS contract?

  • A. Intellectual Property Rights.
  • B. End-of-service.
  • C. User security education.
  • D. Liability

Answer: D

NEW QUESTION 16
Which algorithm is a current specification for the encryption of electronic data established by NIST?

  • A. RSA.
  • B. DES.
  • C. PGP.
  • D. AES.

Answer: D

https://www.nist.gov/publications/advanced-encryption-standard-aes

NEW QUESTION 17
The policies, processes, practices, and tools used to align the business value of information with the most appropriate and cost-effective infrastructure from the time information is conceived through its final disposition.
Which of the below business practices does this statement define?

  • A. Business Continuity Management.
  • B. Total Quality Management.
  • C. Information Lifecycle Management.
  • D. Information Quality Management.

Answer: C

https://www.stitchdata.com/resources/glossary/information-lifecycle-management/#:~:text=%E2%80%9CILM%20is%20comprised%20of%20the,(SNIA%2C%20via%20Infoworld).

NEW QUESTION 18
What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

  • A. Poor Password Management.
  • B. Insecure Deserialization.
  • C. Injection Flaws.
  • D. Security Misconfiguration.

Answer: C

NEW QUESTION 19
Which of the following statements relating to digital signatures is TRUE?

  • A. A digital signature that uses a signer's private key is illegal.
  • B. Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.
  • C. Digital signatures are valid and enforceable in law in most countries in the world.
  • D. Digital signatures are legal unless there is a statutory requirement that predates the digital age.

Answer: D

NEW QUESTION 20
Which term describes the acknowledgement and acceptance of ownership of actions, decisions, policies and deliverables?

  • A. Confidentiality.
  • B. Responsibility.
  • C. Accountability.
  • D. Credibility.

Answer: C

https://hr.nd.edu/assets/17442/behavior_model_4_ratings_3_.pdf

NEW QUESTION 21
Which of the following describes a qualitative risk assessment approach?

  • A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
  • B. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.
  • C. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
  • D. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.

Answer: C

NEW QUESTION 22
Why might the reporting of security incidents that involve personal data differ from other types of security incident?

  • A. Personal data is normally handled on both IT and non-IT systems so such incidents need to be managed in two streams.
  • B. Personal data is not highly transient so its investigation rarely involves the preservation of volatile memory and full forensic digital investigation.
  • C. Data Protection legislation normally requires the reporting of incidents involving personal data to a Supervisory Authority.
  • D. Data Protection legislation is process-oriented and focuses on quality assurance of procedures and governance rather than data-focused event investigation.

Answer: D

NEW QUESTION 23
Which of the following is an asymmetric encryption algorithm?

  • A. AES.
  • B. DES.
  • C. RSA.
  • D. ATM.

Answer: C

https://www.omnisecu.com/security/public-key-infrastructure/asymmetric-encryption-algorithms.php

NEW QUESTION 24
What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them into taking an unwanted action such as a misdirected high-value payment?

  • A. Spear-phishing.
  • B. C-suite spamming.
  • C. Whaling.
  • D. Trawling.

Answer: A

NEW QUESTION 25
When a digital forensics investigator is conducting an investigation and handling the original data, what KEY principle must they adhere to?

  • A. Ensure they are competent to be able to do so and be able to justify their actions.
  • B. Ensure the data has been adjusted to meet the investigation requirements.
  • C. Ensure they do not handle the evidence as that must be done by law enforcement officers.
  • D. Ensure they are being observed by a senior investigator in all actions.

Answer: A

NEW QUESTION 26
Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

  • A. IT certifications require CPD and Security needs to remain credible.
  • B. Information Security changes constantly and at speed.
  • C. Professional qualification bodies demand CPD.
  • D. CPD is a prerequisite of any Chartered Institution qualification.

Answer: B

NEW QUESTION 27
Which of the following international standards deals with the retention of records?

  • A. RFC1918.
  • B. PCI DSS.
  • C. ISO/IEC 27002.
  • D. ISO 15489.

Answer: D

NEW QUESTION 28
Geoff wants to ensure the application of consistent security settings to devices used throughout his organisation whether as part of a mobile computing or a BYOD approach.
What technology would be MOST beneficial to his organisation?

  • A. MDM.
  • B. IDS.
  • C. SIEM.
  • D. VPN.

Answer: A

NEW QUESTION 29
Which of the following is NOT considered to be a form of computer misuse?

  • A. Illegal access to computer systems.
  • B. Illegal interception of information.
  • C. Illegal retention of personal data.
  • D. Downloading of pirated software.

Answer: C

NEW QUESTION 30
Which cryptographic protocol preceded Transport Layer Security (TLS)?

  • A. Simple Network Management Protocol (SNMP).
  • B. Public Key Infrastructure (PKI).
  • C. Hypertext Transfer Protocol Secure (HTTPS).
  • D. Secure Sockets Layer (SSL).

Answer: D

NEW QUESTION 31
According to ISO/IEC 27000, which of the following is the definition of a vulnerability?

  • A. The impact of a cyber attack on an asset or group of assets.
  • B. A weakness of an asset or group of assets that can be exploited by one or more threats.
  • C. The threat that an asset or group of assets may be damaged by an exploit.
  • D. The damage that has been caused by a weakness in a system.

Answer: B

Vulnerability
A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.
An asset is any tangible or intangible thing or characteristic that has value to an organization, a control is any administrative, managerial, technical, or legal method that can be used to modify or manage risk, and a threat is any potential event that could harm an organization or system.
https://www.praxiom.com/iso-27000-definitions.htm

NEW QUESTION 32
What is the first yet MOST simple and important action to take when setting up a new web server?

  • A. Change default system passwords.
  • B. Fully encrypt the hard disk.
  • C. Patch the OS to the latest version.
  • D. Apply hardening to all applications.

Answer: D

NEW QUESTION 33
Which of the following is NOT a valid statement to include in an organisation's security policy?

  • A. The policy has been agreed and amended to suit all third party contractors.
  • B. How the organisation will manage information assurance.
  • C. The policy has the support of Board and the Chief Executive.
  • D. The compliance with legal and regulatory obligations.

Answer: B

NEW QUESTION 34
James is working with a software programme that completely obfuscates the entire source code, often in the form of a binary executable making it difficult to inspect, manipulate or reverse engineer the original source code.
What type of software programme is this?

  • A. Interpreted Source.
  • B. Free Source.
  • C. Proprietary Source.
  • D. Open Source.

Answer: A

NEW QUESTION 35
A system administrator has created the following "array" as an access control for an organisation.
Developers: create files, update files.
Reviewers: upload files, update files.
Administrators: upload files, delete files, update files.
What type of access-control has just been created?

  • A. Task based access control.
  • B. Mandatory access control.
  • C. Rule based access control.
  • D. Role based access control.

Answer: C

NEW QUESTION 36
In business continuity (BC) terms, what is the name of the individual responsible for recording all pertinent information associated with a BC exercise or real plan invocation?

  • A. Scribe.
  • B. Recorder.
  • C. Scrum Master.
  • D. Desk secretary.

Answer: B

NEW QUESTION 37
When establishing objectives for physical security environments, which of the following functional controls SHOULD occur first?

  • A. Deny.
  • B. Delay.
  • C. Deter.
  • D. Drop.

Answer: C

NEW QUESTION 38
Which of the following is an accepted strategic option for dealing with risk?

  • A. Correction.
  • B. Acceptance.
  • C. Detection.
  • D. Forbearance.

Answer: A

NEW QUESTION 39
......