BCS CISMP EXAM PREP Q&A 2026 STUDY
GUIDE SOLVED QUESTIONS
⫸ Is it possible to avoid risk?
A) Yes
B) No
C) Sometimes
D) Never. Answer: A) Yes
⫸ What is meant by non-repudiation?
A) If a user does something, they can't later claim that they didn't do
it.
B) Controls to protect the organization's reputation from harm due to
inappropriate social media postings by employees, even if on their
private accounts and personal time.
C) It is part of the rules set by administrative controls.
D) It is a security feature that prevents session replay attacks..
Answer: A) If a user does something, they can't later claim that they
didn't do it.
⫸ Which of the following is NOT one of the four typical ways of
managing risk?
, A) Avoid
B) Accept
C) Mitigate
D) Conflate. Answer: D) Conflate
⫸ Siobhan is deciding whether to make a purchase online; the
vendor wants Siobhan to create a new user account, and is requesting
Siobhan's full name, home address, credit card number, phone
number, email address, the ability to send marketing messages to
Siobhan, and permission to share this data with other vendors.
Siobhan decides that the item for sale is not worth the value of
Siobhan's personal information, and decides to not make the purchase.
What kind of risk management approach did Siobhan make?
A) Avoidance
B) Acceptance
C) Mitigation
D) Transfer. Answer: A) Avoidance
⫸ Guillermo is the system administrator for a midsized retail
organization. Guillermo has been tasked with writing a document that
describes, step-by-step, how to securely install the operating system
on a new laptop. This document is an example of a ________.
GUIDE SOLVED QUESTIONS
⫸ Is it possible to avoid risk?
A) Yes
B) No
C) Sometimes
D) Never. Answer: A) Yes
⫸ What is meant by non-repudiation?
A) If a user does something, they can't later claim that they didn't do
it.
B) Controls to protect the organization's reputation from harm due to
inappropriate social media postings by employees, even if on their
private accounts and personal time.
C) It is part of the rules set by administrative controls.
D) It is a security feature that prevents session replay attacks..
Answer: A) If a user does something, they can't later claim that they
didn't do it.
⫸ Which of the following is NOT one of the four typical ways of
managing risk?
, A) Avoid
B) Accept
C) Mitigate
D) Conflate. Answer: D) Conflate
⫸ Siobhan is deciding whether to make a purchase online; the
vendor wants Siobhan to create a new user account, and is requesting
Siobhan's full name, home address, credit card number, phone
number, email address, the ability to send marketing messages to
Siobhan, and permission to share this data with other vendors.
Siobhan decides that the item for sale is not worth the value of
Siobhan's personal information, and decides to not make the purchase.
What kind of risk management approach did Siobhan make?
A) Avoidance
B) Acceptance
C) Mitigation
D) Transfer. Answer: A) Avoidance
⫸ Guillermo is the system administrator for a midsized retail
organization. Guillermo has been tasked with writing a document that
describes, step-by-step, how to securely install the operating system
on a new laptop. This document is an example of a ________.
