CISMP-V9 Free Practice Test

As well as being permitted to access, create, modify and delete information, what right does an Information Owner NORMALLY have in regardto their information?

1. A. To assign access privileges to others.
2. B. To modify associated information that may lead to inappropriate disclosure.
3. C. To access information held in the same format and file structure.
4. D. To delete all indexed data in the dataset.

Correct Answer: B

Which of the following is NOT a valid statement to include in an organisation's security policy?

1. A. The policy has the support of Board and the Chief Executive.
2. B. The policy has been agreed and amended to suit all third party contractors.
3. C. How the organisation will manage information assurance.
4. D. The compliance with legal and regulatory obligations.

Correct Answer: C

What Is the first yet MOST simple and important action to take when setting up a new web server?

1. A. Change default system passwords.
2. B. Fully encrypt the hard disk.
3. C. Apply hardening to all applications.
4. D. Patch the OS to the latest version

Correct Answer: C

You are undertaking a qualitative risk assessment of a likely security threat to an information system. What is the MAIN issue with this type of risk assessment?

1. A. These risk assessments are largely subjective and require agreement on rankings beforehand.
2. B. Dealing with statistical and other numeric data can often be hard to interpret.
3. C. There needs to be a large amount of previous data to "train" a qualitative risk methodology.
4. D. It requires the use of complex software tools to undertake this risk assessment.

Correct Answer: D

What Is the PRIMARY reason for organisations obtaining outsourced managed security services?

1. A. Managed security services permit organisations to absolve themselves of responsibility for security.
2. B. Managed security services are a de facto requirement for certification to core security standards such as ISG/IEC 27001
3. C. Managed security services provide access to specialist security tools and expertiseon a shared, cost-effective basis.
4. D. Managed security services are a powerful defence against litigation in the event of a security breach or incident

Correct Answer: A