CISMP EXAM QUESTIONS AND ANSWERS WITH COMPLETE
SOLUTIONS LATEST UPDATE
What should be a key feature of security documentation?
Accessible and understandable by all staff.
What is the most appropriate strategy after security controls or countermeasures
are implemented?
Continually review and monitor the risks
Which of the following is not a vulnerability?
A hacked Facebook account
What are the two main approaches used to determine the likelihood of a threat
occurring?
Qualitative and quantitative
Which of the following statements best describes non-repudiation?
'[The] ability to prove the occurrence of a claimed event or action and its originating
entities.'
How should the implementation of an information assurance system be seen
within an organisation?
As a whole organisation issue
Which of the following best describes a vulnerability?
A weakness in the configuration of software or hardware that could allow a threat to
damage the network.
,Which of the following items determine what a user can change or view?
Access control
Which of the following is not provided by an Information Security Management
System?
Risk elimination
You have been tasked with implementing a number of security controls to protect
the organisation's email system, including anti-virus and anti-spam software.
What type of approach are you taking to handle the risk?
Risk reduction
What are the 5 V's of big data?
1. Volume
2. Velocity
3. Variety
4. Veracity
5. Value
When planning an information assurance implementation, consideration should
be given to which of the following?
- The organisation's appetite to resolve the issues
- How easy the implementation will be
- How long it will take to implement controls
To support the information security program, senior management needs to
understand which of the following?
, The risks facing the organisation, the benefits they will see from their investment, and
how they can support or sponsor the program.
Which of the following does a security procedure contain?
Instructions for implementing a security policy.
If you employ a subcontractor for a particular contract, which of the following
should you do?
Ensure that they sign a non-disclosure agreement to protect the organisation's
confidential information.
When you employ contractors, what should you do?
Ensure that they operate within the constraints of the security policy by having them
agree and sign up to it is describes as SAL.
Which of the following security documents is not mandatory?
A guideline
What is the best approach to keeping spending on information security at an
appropriate level?
Take a considered approach and negotiate with the CFO and company stakeholders to
strike the right balance.
To meet the requirements of the Data Protection Act, you implement an ISO 27001
framework in your business. To ensure you are DPA compliant, what should you
do?
Conduct a formal Data Protection Act compliance audit using a specialist.
Which of the following are attributes of an effective information assurance
implementation plan?
SOLUTIONS LATEST UPDATE
What should be a key feature of security documentation?
Accessible and understandable by all staff.
What is the most appropriate strategy after security controls or countermeasures
are implemented?
Continually review and monitor the risks
Which of the following is not a vulnerability?
A hacked Facebook account
What are the two main approaches used to determine the likelihood of a threat
occurring?
Qualitative and quantitative
Which of the following statements best describes non-repudiation?
'[The] ability to prove the occurrence of a claimed event or action and its originating
entities.'
How should the implementation of an information assurance system be seen
within an organisation?
As a whole organisation issue
Which of the following best describes a vulnerability?
A weakness in the configuration of software or hardware that could allow a threat to
damage the network.
,Which of the following items determine what a user can change or view?
Access control
Which of the following is not provided by an Information Security Management
System?
Risk elimination
You have been tasked with implementing a number of security controls to protect
the organisation's email system, including anti-virus and anti-spam software.
What type of approach are you taking to handle the risk?
Risk reduction
What are the 5 V's of big data?
1. Volume
2. Velocity
3. Variety
4. Veracity
5. Value
When planning an information assurance implementation, consideration should
be given to which of the following?
- The organisation's appetite to resolve the issues
- How easy the implementation will be
- How long it will take to implement controls
To support the information security program, senior management needs to
understand which of the following?
, The risks facing the organisation, the benefits they will see from their investment, and
how they can support or sponsor the program.
Which of the following does a security procedure contain?
Instructions for implementing a security policy.
If you employ a subcontractor for a particular contract, which of the following
should you do?
Ensure that they sign a non-disclosure agreement to protect the organisation's
confidential information.
When you employ contractors, what should you do?
Ensure that they operate within the constraints of the security policy by having them
agree and sign up to it is describes as SAL.
Which of the following security documents is not mandatory?
A guideline
What is the best approach to keeping spending on information security at an
appropriate level?
Take a considered approach and negotiate with the CFO and company stakeholders to
strike the right balance.
To meet the requirements of the Data Protection Act, you implement an ISO 27001
framework in your business. To ensure you are DPA compliant, what should you
do?
Conduct a formal Data Protection Act compliance audit using a specialist.
Which of the following are attributes of an effective information assurance
implementation plan?
