CISMP EXAM QUESTIONS AND ANSWERS WITH COMPLETE
SOLUTIONS VERIFIED LATEST UPDATE 2024/2025
What is the difference between data and information?
Data is the basic facts and stats and information is the result of Data analysis
What are the main types of Risk management controls?
Eliminate,Reduce,Transfer,Accept
Onion layer Approach
A layered approach to operational security
using all types
Egress control
Organizations can monitor egress traffic for anomalous or malicious activity through
egress filtering.
Ingress Control
An ingress controller acts as a reverse proxy and load balancer
what is Active content
Active content is code hidden in documents and websites that enhance the end-user
experience
WAP(wireless application protocol)
A standard that defines the way in which Internet communications and other advanced
services are provided on wireless mobile devices.
Public Key Infrastructure
, a combination of policies, procedures and technology needed to manage digital
certificates in a public key cryptography scheme.
What is Network sniffing?
A passive technique that monitors network communication, decodes protocols, and
examines headers and payloads for information of interest.
Main uses of cryptography
confidentiality and integrity of both data in transit as well as data at rest. It can also
authenticate senders and recipients to one another and protect against repudiation.
What are the 3 protocols used in IPsec?
Authentication Header
Encapsulating Security Payload
Enhanced Cryptographic Algorithms
Which of the following lists UK Government data classifications (in decreasing
order)?
a) TOP SECRET, SECRET, OFFICIAL
b) TOP SECRET, SECRET, OFFICIAL-SENSITIVE, PUBLIC
c) TOP SECRET, SECRET, OFFICIAL, PUBLIC
A
Which of the following is a principle of data processing under GDPR?
a) Purpose limitation
b) Data minimisation
c) Storage limitation
d)All of above
SOLUTIONS VERIFIED LATEST UPDATE 2024/2025
What is the difference between data and information?
Data is the basic facts and stats and information is the result of Data analysis
What are the main types of Risk management controls?
Eliminate,Reduce,Transfer,Accept
Onion layer Approach
A layered approach to operational security
using all types
Egress control
Organizations can monitor egress traffic for anomalous or malicious activity through
egress filtering.
Ingress Control
An ingress controller acts as a reverse proxy and load balancer
what is Active content
Active content is code hidden in documents and websites that enhance the end-user
experience
WAP(wireless application protocol)
A standard that defines the way in which Internet communications and other advanced
services are provided on wireless mobile devices.
Public Key Infrastructure
, a combination of policies, procedures and technology needed to manage digital
certificates in a public key cryptography scheme.
What is Network sniffing?
A passive technique that monitors network communication, decodes protocols, and
examines headers and payloads for information of interest.
Main uses of cryptography
confidentiality and integrity of both data in transit as well as data at rest. It can also
authenticate senders and recipients to one another and protect against repudiation.
What are the 3 protocols used in IPsec?
Authentication Header
Encapsulating Security Payload
Enhanced Cryptographic Algorithms
Which of the following lists UK Government data classifications (in decreasing
order)?
a) TOP SECRET, SECRET, OFFICIAL
b) TOP SECRET, SECRET, OFFICIAL-SENSITIVE, PUBLIC
c) TOP SECRET, SECRET, OFFICIAL, PUBLIC
A
Which of the following is a principle of data processing under GDPR?
a) Purpose limitation
b) Data minimisation
c) Storage limitation
d)All of above
