BCS CISMP-V9 BCS Foundation Certificate in Information Security Management Principles V9.0 Exam Practice Test

Page: 1 / 14
Total 100 questions
Question 1

When seeking third party digital forensics services, what two attributes should one seek when making a choice of service provider?

Answer : A

When selecting a third-party digital forensics service provider, it is crucial to ensure that the company has the appropriate accreditations and the staff hold relevant certifications. This ensures that the service provider adheres to recognized standards and best practices in digital forensics, which is essential for the integrity and admissibility of evidence. Company accreditation provides assurance that the organization follows industry-recognized quality standards, while staff certification demonstrates that the individuals handling the forensic process are qualified and competent. This combination is vital for maintaining the credibility of the forensic investigation and the security of the data handled.

Question 2

For which security-related reason SHOULD staff monitoring critical CCTV systems be rotated regularly during each work session?

Answer : D

Regular rotation of staff monitoring critical CCTV systems is recommended primarily to address the limitations of the human attention span. Research suggests that the average human attention span during intense monitoring tasks is approximately 20 minutes. After this period, vigilance and alertness can significantly decrease, leading to a potential lapse in monitoring effectiveness. Rotating staff helps to ensure that individuals are always at their most attentive when observing the CCTV feeds, which is crucial for maintaining security and safety standards. This practice also helps to mitigate risks associated with fatigue and the potential for missing critical events or details.

Question 3

Why should a loading bay NEVER be used as a staff entrance?

Question 4

One traditional use of a SIEM appliance is to monitor for exceptions received via syslog.

What system from the following does NOT natively support syslog events?

Answer : B

Syslog is a standard for message logging and allows devices to send event notification messages across IP networks to event message collectors - also known as Syslog servers or SIEM (Security Information and Event Management) systems. Native support for syslog is commonly found in various network devices and Unix/Linux-based systems.

Enterprise Wireless Access Points,Linux Web Server Appliances, andEnterprise Stateful Firewallstypically have built-in capabilities to generate and send syslog messages to a SIEM system for monitoring and analysis.

Windows Desktop Systems, on the other hand, do not natively support syslog because Windows uses its own event logging system known as Windows Event Log.While it is possible to configure Windows systems to send logs to a SIEM appliance, this usually requires additional software or agents to translate Windows Event Log messages into syslog format before they can be sent1.

Question 5
Question 6

A penetration tester undertaking a port scan of a client's network, discovers a host which responds to requests on TCP ports 22, 80, 443, 3306 and 8080.

What type of device has MOST LIKELY been discovered?

Answer : D

The ports discovered during the port scan are indicative of the services that are likely running on the device. Here's a breakdown of what each port typically signifies:

TCP port 22: This is commonly used for Secure Shell (SSH) which is used for secure logins, file transfers (scp, sftp) and port forwarding.

TCP port 80: This port is used for Hypertext Transfer Protocol (HTTP), which is the foundation of data communication for the World Wide Web; essentially, it's the standard port for web traffic.

TCP port 443: This is used for HTTP Secure (HTTPS). It's the protocol for secure communication over a computer network within a web browser, providing a secure version of HTTP.

TCP port 3306: This is the default port for the MySQL database, which is often used in conjunction with web applications.

TCP port 8080: This is an alternative to port 80 and is used for web traffic, particularly for proxy and caching.

Given this information, the most likely type of device is aWeb server, as it uses these ports for web traffic, secure communication, and potentially for a database that supports web applications.

Question 7

A security analyst has been asked to provide a triple A service (AAA) for both wireless and remote access network services in an organization and must avoid using proprietary solutions.

What technology SHOULD they adapt?

Answer : B

The AAA service, which stands for Authentication, Authorization, and Accounting, is essential for managing user access to network resources. When it comes to providing AAA services for both wireless and remote access network services in a non-proprietary manner, RADIUS (Remote Authentication Dial-In User Service) is the most suitable technology.

RADIUS is an open standard protocol widely used for network access authentication and accounting. It is supported by a variety of network vendors and devices, making it a non-proprietary solution that can be easily integrated into different network environments.RADIUS provides a centralized way to authenticate users, authorize their access levels, and keep track of their activity on the network1.

TACACS+is a Cisco proprietary protocol and therefore does not meet the requirement of avoiding proprietary solutions.

OAuthis a framework for authorization and is not typically used for network access control in the same way that RADIUS is.

MS Access Databaseis not a network authentication protocol and would not provide the necessary AAA services for network security.

Page:    1 / 14   
Total 100 questions