試験合格保証付きのInformation security and CCP scheme certifications CISMP-V9試験問題集 [Q31-Q46]

31、What term is used to describe the testing of a continuity plan through a written scenario being used as the basis for discussion and simulation?

32、Which of the following is considered to be the GREATEST risk to information systems that results from deploying end-to-end Internet of Things (IoT) solutions?

33、Why might the reporting of security incidents that involve personal data differ from other types of security incident?

34、What type of attack could directly affect the confidentiality of an unencrypted VoIP network?

35、Which of the following statements relating to digital signatures is TRUE?

36、By what means SHOULD a cloud service provider prevent one client accessing data belonging to another in a shared server environment?

37、Which membership based organisation produces international standards, which cover good practice for information assurance?

38、Why have MOST European countries developed specific legislation that permits police and security services to monitor communications traffic for specific purposes, such as the detection of crime?

39、When establishing objectives for physical security environments, which of the following functional controls SHOULD occur first?

40、In order to better improve the security culture within an organisation with a top down approach, which of the following actions at board level is the MOST effective?

41、How might the effectiveness of a security awareness program be effectively measured?
1) Employees are required to take an online multiple choice exam on security principles.
2) Employees are tested with social engineering techniques by an approved penetration tester.
3) Employees practice ethical hacking techniques on organisation systems.
4) No security vulnerabilities are reported during an audit.
5) Open source intelligence gathering is undertaken on staff social media profiles.

42、You are undertaking a qualitative risk assessment of a likely security threat to an information system.
What is the MAIN issue with this type of risk assessment?

43、When seeking third party digital forensics services, what two attributes should one seek when making a choice of service provider?

44、What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

45、Which of the following statutory requirements are likely to be of relevance to all organisations no matter which sector nor geographical location they operate in?

46、How does the use of a “single sign-on” access control policy improve the security for an organisation implementing the policy?