BCS CISMP-V9 Exam (page: 4)
BCS Foundation Certificate in Information Security Management Principles V9.0
Updated on: 15-Feb-2026

Viewing Page 4 of 21

Which of the following describes a qualitative risk assessment approach?

  1. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
  2. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.
  3. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
  4. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.

Answer(s): C



You are undertaking a qualitative risk assessment of a likely security threat to an information system. What is the MAIN issue with this type of risk assessment?

  1. These risk assessments are largely subjective and require agreement on rankings beforehand.
  2. Dealing with statistical and other numeric data can often be hard to interpret.
  3. There needs to be a large amount of previous data to "train" a qualitative risk methodology.
  4. It requires the use of complex software tools to undertake this risk assessment.

Answer(s): D



When calculating the risk associated with a vulnerability being exploited, how is this risk calculated?

  1. Risk = Likelihood * Impact.
  2. Risk = Likelihood / Impact.
  3. Risk = Vulnerability / Threat.
  4. Risk = Threat * Likelihood.

Answer(s): C



Which of the following is an accepted strategic option for dealing with risk?

  1. Correction.
  2. Detection.
  3. Forbearance.
  4. Acceptance.

Answer(s): A



What is the KEY purpose of appending security classification labels to information?

  1. To provide guidance and instruction on implementing appropriate security controls to protect the information.
  2. To comply with whatever mandatory security policy framework is in place within the geographical location in question.
  3. To ensure that should the information be lost in transit, it can be returned to the originator using the correct protocols.
  4. To make sure the correct colour-coding system is used when the information is ready for archive.

Answer(s): A




sarra 1/17/2024 3:44:00 AM

The AAA triad in information security is authentication, accounting and authorisation, so the answer should be D: 1, 3 and 5.
UNITED KINGDOM