Free Access BCS.CISMP-V9.v2022-04-21.q35 Practice Test (Page 8)

Question 31

Why have MOST European countries developed specific legislation that permits police and security services to monitor communications traffic for specific purposes, such as the detection of crime?

A.GDPR overrides all previous legislation on information handling, so new laws were needed to ensure authorities did not inadvertently break the law.

B.Surveillance of a conversation or an online message by law enforcement agents was previously illegal due to the 1950 version of the Human Rights Convention.

C.Police could previously intercept without lawful authority any communications in the course of transmission through a public post or telecoms system.

D.Under the European Convention of Human Rights, the interception of telecommunications represents an interference with the right to privacy.

Question 32

Which of the following controls would be the MOST relevant and effective in detecting zero day attacks?

A.Signature-based intrusion detection.

B.Anomaly based intrusion detection.
https://www.sciencedirect.com/topics/computer-science/zero-day-attack

C.Strong OS patch management

D.Vulnerability assessment

Question 33

When calculating the risk associated with a vulnerability being exploited, how is this risk calculated?

A.Risk = Vulnerability / Threat.

B.Risk = Likelihood * Impact.

C.Risk = Threat * Likelihood.

D.Risk = Likelihood / Impact.

Question 34

According to ISO/IEC 27000, which of the following is the definition of a vulnerability?

A.The damage that has been caused by a weakness iin a system.
Vulnerability
A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.
An asset is any tangible or intangible thing or characteristic that has value to an organization, a control is any administrative, managerial, technical, or legal method that can be used to modify or manage risk, and a threat is any potential event that could harm an organization or system.
https://www.praxiom.com/iso-27000-definitions.htm

B.The impact of a cyber attack on an asset or group of assets.

C.A weakness of an asset or group of assets that can be exploited by one or more threats.

D.The threat that an asset or group of assets may be damaged by an exploit.

Question 35

What Is the PRIMARY difference between DevOps and DevSecOps?

A.DevSecOps includes security on the same level as continuous integration and delivery.

B.DevSecOps focuses solely on iterative development cycles.

C.DevOps mandates that security is integrated at the beginning of the development lifecycle.
https://www.viva64.com/en/b/0710/#:~:text=DevOps%20is%20a%20methodology%20aiming,in%20the%20software%20development%20process.&text=DevSecOps%20is%20a%20further%20development,code%20quality%20and%20reliability%20assurance.

D.Within DevSecOps security is introduced at the end of development immediately prior to deployment.

Other Version: 826BCS.CISMP-V9.v2022-06-01.q34

Latest Upload: 101OCEG.GRCP.v2025-09-11.q211; 101HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 157PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 146Salesforce.Data-Architect.v2025-09-05.q216; 140Adobe.AD0-E605.v2025-09-05.q50

Question 31

Question 32

Question 33

Question 34

Question 35

Download PDF File