WITH CORRECT ANSWERS GRADED A+
⫸ Which of the following is true?
a) An unpatched web server is a threat
b) An unencrypted corporate wireless LAN is a threat
c) Both of the above
d) None of the above. Answer: D
⫸ Which of the following is not a vulnerability?
a) A misconfigured firewall
b) A script kiddie
c) Both of the above
d) None of the above. Answer: B
⫸ ISMS stands for...
a) Integrated Security Management System
b) Information System Managed Security
c) Information Security Management System
d) Integrated System for Managed Security. Answer: C
⫸ When accessing an IT system, the order of events is...
a) Authentication, Identification, Authorisation
b) Identification, Authorisation, Authentication
c) Authorisation, Identification, Authentication
d) None of the above. Answer: D
⫸ According to NIST definitions, which of the following is not an
essential characteristic of cloud computing?
a) Access through value-added networks using proprietary protocols
b) Rapid elasticity
c) Location-independent resource pooling
d) On-demand self-service. Answer: A
⫸ A web service available to the public has been compromised. The
hackers were able to copy passwords and modify them. Which
information security principles will have been violated by the breach?
a) Confidentiality and integrity only
b) Integrity and availability only
c) Availability and confidentiality only
d) Confidentiality, integrity and availability. Answer: D
⫸ When considering the deployment of a new information system,
which of the following is correct?
a) The system should be accredited before being certified
b) Certification is a formal assessment of the information system
against information assurance requirements, resulting in the
acceptance of residual risk in the context of business requirements
and formal approval by management
c) Accreditation is a comprehensive assessment of the system's
security controls to determine whether they meet the security
requirements of the system
d) The system should be certified before being accredited. Answer: D
⫸ When valuing an asset, what should you take into consideration?
Select the best answer.
a) Its replacement cost
b) Lost revenue while the asset is unavailable
c) Lost business owing to reputational damage
d) All of the above. Answer: D
⫸ Which of the following is a tangible asset?
a) Brand image