CISMP-V9問題集、BCS実際の試験問題

質問 1

What is the name of the method used to illicitly target a senior person in an organisation so as to try to coerce them Into taking an unwanted action such as a misdirected high-value payment?

A. Trawling.

B. Spear-phishing.

C. Whaling.

D. C-suite spamming.

正解: C

解説: (PassTest メンバーにのみ表示されます)

質問 2

Which of the following cloud delivery models is NOT intrinsically "trusted" in terms of security by clients using the service?

A. Private.

B. Hybrid.

C. Public.

D. Community

正解: C

解説: (PassTest メンバーにのみ表示されます)

質問 3

When establishing objectives for physical security environments, which of the following functional controls SHOULD occur first?

A. Deter.

B. Deny.

C. Delay.

D. Drop.

正解: A

解説: (PassTest メンバーにのみ表示されます)

質問 4

What advantage does the delivery of online security training material have over the distribution of printed media?

A. Online material is protected by international digital copyright legislation across most territories.

B. Online training material is intrinsically more accurate than printed material.

C. Updating online material requires a single edit. Printed material needs to be distributed physically.

D. Printed material is a 'discoverable record' and could expose the organisation to litigation in the event of an incident.

正解: C

解説: (PassTest メンバーにのみ表示されます)

質問 5

In a virtualised cloud environment, what component is responsible for the secure separation between guest machines?

A. Hypervisor.

B. OS Kernal

C. Guest Manager

D. Security Engine.

正解: A

解説: (PassTest メンバーにのみ表示されます)

質問 6

Which of the following is NOT an accepted classification of security controls?

A. Detective.

B. Preventive.

C. Nominative.

D. Corrective.

正解: C

解説: (PassTest メンバーにのみ表示されます)

質問 7

What Is the PRIMARY reason for organisations obtaining outsourced managed security services?

A. Managed security services are a powerful defence against litigation in the event of a security breach or incident

B. Managed security services permit organisations to absolve themselves of responsibility for security.

C. Managed security services provide access to specialist security tools and expertise on a shared, cost-effective basis.

D. Managed security services are a de facto requirement for certification to core security standards such as ISG/IEC 27001

正解: C

解説: (PassTest メンバーにのみ表示されます)

質問 8

A penetration tester undertaking a port scan of a client's network, discovers a host which responds to requests on TCP ports 22, 80, 443, 3306 and 8080.
What type of device has MOST LIKELY been discovered?

A. File server.

B. Printer.

C. Web server

D. Firewall.

正解: C

解説: (PassTest メンバーにのみ表示されます)

質問 9

You are undertaking a qualitative risk assessment of a likely security threat to an information system.
What is the MAIN issue with this type of risk assessment?

A. There needs to be a large amount of previous data to "train" a qualitative risk methodology.

B. Dealing with statistical and other numeric data can often be hard to interpret.

C. It requires the use of complex software tools to undertake this risk assessment.

D. These risk assessments are largely subjective and require agreement on rankings beforehand.

正解: D

解説: (PassTest メンバーにのみ表示されます)

質問 10

Which of the following testing methodologies TYPICALLY involves code analysis in an offline environment without ever actually executing the code?

A. Static Testing.

B. Penetration Testing.

C. User Testing.

D. Dynamic Testing.

正解: A

解説: (PassTest メンバーにのみ表示されます)

BCS Foundation Certificate in Information Security Management Principles V9.0 - CISMP-V9 模擬練習