Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. BCS
  3. CISMP-V9

BCS CISMP-V9 Exam (page: 1)
BCS Foundation Certificate in Information Security Management Principles V9.0
Updated on: 12-Aug-2025

Viewing Page 1 of 21
CISMP-V9 PDF 100 Questions

Which of the following is NOT an accepted classification of security controls?

  1. Nominative.
  2. Preventive.
  3. Detective.
  4. Corrective.

Answer(s): A



Which three of the following characteristics form the AAA Triad in Information Security?

1. Authentication
2. Availability
3. Accounting
4. Asymmetry
5. Authorisation

  1. 1, 2 and 3.
  2. 2, 4, and 5.
  3. 1, 3 and 4.
  4. 1, 3 and 5.

Answer(s): A

Explanation:

The AAA Triad in Information Security refers to the three characteristics of Authentication, Availability, and Accounting.



According to ISO/IEC 27000, which of the following is the definition of a vulnerability?

  1. A weakness of an asset or group of assets that can be exploited by one or more threats.
  2. The impact of a cyber attack on an asset or group of assets.
  3. The threat that an asset or group of assets may be damaged by an exploit.
  4. The damage that has been caused by a weakness iin a system.

Answer(s): A

Explanation:

Vulnerability
A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats. An asset is any tangible or intangible thing or characteristic that has value to an organization, a control is any administrative, managerial, technical, or legal method that can be used to modify or manage risk, and a threat is any potential event that could harm an organization or system.
https://www.praxiom.com/iso-27000-definitions.htm



Which term describes the acknowledgement and acceptance of ownership of actions, decisions, policies and deliverables?

  1. Accountability.
  2. Responsibility.
  3. Credibility.
  4. Confidentiality.

Answer(s): A


Reference:

https://hr.nd.edu/assets/17442/behavior_model_4_ratings_3_.pdf



Which security concept provides redundancy in the event a security control failure or the exploitation of a vulnerability?

  1. System Integrity.
  2. Sandboxing.
  3. Intrusion Prevention System.
  4. Defence in depth.

Answer(s): D


Reference:

https://en.wikipedia.org/wiki/Defense_in_depth_(computing)



Viewing Page 1 of 21



Share your comments for BCS CISMP-V9 exam with other users:

sarra 1/17/2024 3:44:00 AM

the aaa triad in information security is authentication, accounting and authorisation so the answer should be d 1, 3 and 5.
UNITED KINGDOM