Pass4Future also provides interactive practice exam software for preparing for the BCS Foundation Certificate in Information Security Management Principles V9.0 (CISMP-V9) exam effectively. You are welcome to explore the sample free BCS CISMP-V9 exam questions below and to try the BCS CISMP-V9 exam practice test software.
What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?
Answer : C
According to the OWASP Top 10 list, Injection Flaws are among the most prolific web application vulnerabilities. This category includes a variety of attacks such as SQL, NoSQL, OS, and LDAP injection where untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data. Injection flaws are particularly dangerous because they can lead to data breaches, loss of data integrity, and denial of service, among other impacts.
A penetration tester undertaking a port scan of a client's network, discovers a host which responds to requests on TCP ports 22, 80, 443, 3306 and 8080.
What type of device has MOST LIKELY been discovered?
Answer : D
The ports discovered during the port scan are indicative of the services that are likely running on the device. Here's a breakdown of what each port typically signifies:
TCP port 22: This is commonly used for Secure Shell (SSH) which is used for secure logins, file transfers (scp, sftp) and port forwarding.
TCP port 80: This port is used for Hypertext Transfer Protocol (HTTP), which is the foundation of data communication for the World Wide Web; essentially, it's the standard port for web traffic.
TCP port 443: This is used for HTTP Secure (HTTPS). It's the protocol for secure communication over a computer network within a web browser, providing a secure version of HTTP.
TCP port 3306: This is the default port for the MySQL database, which is often used in conjunction with web applications.
TCP port 8080: This is a common alternative to port 80 for web traffic, typically used by proxies, caching servers and application servers.
Given this information, the most likely type of device is a Web server, as it uses these ports for web traffic, secure communication, and potentially for a database that supports web applications.
What is the root cause as to why SMS messages are open to attackers and abuse?
What is the PRIMARY reason for organisations obtaining outsourced managed security services?
Answer : C
The primary reason organizations opt for outsourced managed security services is to gain access to specialized security tools and expertise that may not be feasible to maintain in-house due to cost or resource constraints. Managed Security Service Providers (MSSPs) offer a range of security services that can be tailored to an organization's needs, allowing them to benefit from advanced security measures without the need for significant capital investment or the hiring of specialized staff. This shared service model is cost-effective and enables organizations to focus on their core business activities while ensuring robust security measures are in place. MSSPs can provide continuous monitoring, management of security devices and systems, incident response, and compliance support, which are crucial for maintaining a strong security posture in the face of evolving threats and complex regulatory environments.
What type of attack could directly affect the confidentiality of an unencrypted VoIP network?
Answer : A
Brute Force Attack (B) and Ransomware are more related to the integrity and availability of systems rather than confidentiality. Vishing Attack (D) is a form of phishing which involves social engineering over telephone systems but does not directly affect the network's confidentiality like packet sniffing does.