Why is a working group a good idea?
You get perspective from all stakeholders across the business
Confidentiality
The property that information is not made available or disclosed to unauthorised
individuals, entities or processes
Integrity
The property of accuracy and completeness
Availability
The property of information being accessible upon demand by an authorised entity
Asset
Anything that has value to an organisation
What are the 3 main types of asset?
1. Physical
2. Software
3. Pure information (in any format)
What is the difference between data and information?
Data is the basic facts and stats that can be analysed. Information is the result of this
analysis
Threat
A potential cause of an unwanted incident that can result in harm to an organisation
Vulnerability
A weakness of an asset or control that can be exploited by one or more threats
Risk
The effect of uncertainty on objectives and the combination of a threat and a
vulnerability
Impact
The result of an info security incident, caused by a threat, which affects assets
True or False
The threat and vulnerability must be present for a risk to exist
True
What is the purpose of a control?
An activity that is taken to manage an identified risk
What are the three main types of strategic control?
Eliminate (Risk avoidance)
Reduce
Transfer
Accept
What is risk avoidance?
The informed decision not to be involved in, or to withdraw from, an activity in order not
to be exposed to a particular risk
What is risk reduction?
Action is taken to lessen the probability or negative consequences associated with the risk
What is Risk Transfer?
A form of risk treatment involving the agreed distribution of risk with other parties
Why does risk transfer help?
It moves accountability for a risk to another organization that will take on future risk
management. For instance, insurance or writing contracts.
True or False?
Risk transfer will reduce accountability and impact
False. The impact will remain the same
Identity
Info that distinguishes one entity from another
Authentication
Provision of assurance of the claimed identity of an entity
Authorization
The right or permission that is granted to a system entity to access a system resource
Accountability
The property that ensures that the actions of an entity can be traced uniquely to the
entity
Audit
The review of a party's capacity to meet, or continue to meet, the initial and ongoing
approval agreements as a service provider
Compliance
Meeting or exceeding all applicable requirements of a standard or other published set of
requirements