BCS – CISMP QUESTIONS AND ANSWERS
WITH COMPLETE SOLUTIONS
A chief information security officer (CISO) at a large organization documented a
policy that establishes the acceptable use of cloud environments for all staff. This
is an example of a:
A) Management/Administrative control
B) Technical control
C) Physical control
D) Cloud control - ANSWER A) Management/Administrative control
Is it possible to avoid risk?
A) Yes
B) No
C) Sometimes
D) Never - ANSWER A) Yes
What is meant by non-repudiation?
A) If a user does something, they can't later claim that they didn't do it.
B) Controls to protect the organization's reputation from harm due to
inappropriate social media postings by employees, even if on their private
accounts and personal time.
C) It is part of the rules set by administrative controls.
D) It is a security feature that prevents session replay attacks. - ANSWER A) If a
user does something, they can't later claim that they didn't do it.
Which of the following is NOT one of the four typical ways of managing risk?
A) Avoid
B) Accept
C) Mitigate
D) Conflate - ANSWER D) Conflate
Siobhan is deciding whether to make a purchase online; the vendor wants Siobhan
to create a new user account, and is requesting Siobhan's full name, home
address, credit card number, phone number, email address, the ability to send
marketing messages to Siobhan, and permission to share this data with other
vendors. Siobhan decides that the item for sale is not worth the value of Siobhan's
personal information, and decides to not make the purchase. What kind of risk
management approach did Siobhan make?
A) Avoidance
B) Acceptance
C) Mitigation
D) Transfer - ANSWER A) Avoidance
Guillermo is the system administrator for a midsized retail organization. Guillermo
has been tasked with writing a document that describes, step-by-step, how to