Answers 100% Solved
Which of the following doesn't apply to risk?
a) Risk is the effect of uncertainty on objectives
b) When assessing risk you should take into account the consequence and
likelihood of security incidents
c) Risk is the possibility that a threat actor will exploit a vulnerability to
create a security incident
d) In order to assess risk you will need an understanding of your
organisation's assets and its vulnerabilities, as well as the threats, both
internal and external, that it faces - ✔✔C
Which of the following is true?
a) An unpatched web server is a threat
b) An unencrypted corporate wireless LAN is a threat
c) Both of the above
d) None of the above - ✔✔D
©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
Which of the following is not a vulnerability?
a) A misconfigured firewall
b) A script kiddie
c) Both of the above
d) None of the above - ✔✔B
ISMS stands for...
a) Integrated Security Management System
b) Information System Managed Security
c) Information Security Management System
d) Integrated System for Managed Security - ✔✔C
When accessing an IT system, the order of events is...
a) Authentication, Identification, Authorisation
b) Identification, Authorisation, Authentication
c) Authorisation, Identification, Authentication
d) None of the above - ✔✔D
According to NIST definitions, which of the following is not an essential
characteristic of cloud computing?
a) Access through value-added networks using proprietary protocols
b) Rapid elasticity
c) Location-independent resource pooling
d) On-demand self-service - ✔✔A
A web service available to the public has been compromised. The hackers
were able to copy passwords and modify them. Which information security
principles will have been violated by the breach?
a) Confidentiality and integrity only
b) Integrity and availability only
c) Availability and confidentiality only
d) Confidentiality, integrity and availability - ✔✔D
When considering the deployment of a new information system, which of
the following is correct?
a) The system should be accredited before being certified