CISMP-V9 Free Practice Test

You are undertaking a qualitative risk assessment of a likely security threat to an information system. What is the MAIN issue with this type of risk assessment?

1. A. These risk assessments are largely subjective and require agreement on rankings beforehand.
2. B. Dealing with statistical and other numeric data can often be hard to interpret.
3. C. There needs to be a large amount of previous data to "train" a qualitative risk methodology.
4. D. It requires the use of complex software tools to undertake this risk assessment.

Correct Answer: D

Select the document that is MOST LIKELY to contain direction covering the security and utilisation of all an organisation's information and ITequipment, as well as email, internet and telephony.

1. A. CryptographicStatement.
2. B. Security Policy Framework.
3. C. Acceptable Usage Policy.
4. D. Business Continuity Plan.

Correct Answer: A

What form of attack against an employee has the MOST impact on their compliance with the organisation's "code of conduct"?

1. A. Brute Force Attack.
2. B. Social Engineering.
3. C. Ransomware.
4. D. Denial of Service.

Correct Answer: D

What physical security control would be used to broadcast false emanations to mask the presence of true electromagentic emanations fromgenuine computing equipment?

1. A. Faraday cage.
2. B. Unshielded cabling.
3. C. Copper infused windows.
4. D. White noise generation.

Correct Answer: B

Which of the following types of organisation could be considered the MOST at risk from the theft of electronic based credit card data?

1. A. Online retailer.
2. B. Traditional market trader.
3. C. Mail delivery business.
4. D. Agricultural producer.

Correct Answer: A