CISMP EXAM PREP QUESTIONS AND ANSWERS (VERIFIED ANSWERS) | NEW UPDATE 2025
Information Assurance - ANSWER The confidence that systems will protect the
information they carry and will function as and when they need to, under legitimate,
authorised users
information security management system (ISMS) - ANSWER Preserves the CIA
of information by applying a risk management process.
The ISMS must be part of, and integrated with, the org's processes and management
structure, and InfoSec must be considered in the design of processes, information
systems and controls
CIA - ANSWER Confidentiality, integrity, and availability.
Confidentiality helps prevent the unauthorized disclosure of data.
Integrity provides assurances that data has not been modified, tampered with, or
corrupted.
Availability indicates that data and services are available when needed.
statement of applicability (SOA) - ANSWER a document listing all the controls
that you have implemented against the risks you have identified
SIEM - ANSWER System Information and Event Management
Software tool that aggregates multiple server logs and monitors them
CTI - ANSWER Cyber Threat Intelligence
Risk Assessment - ANSWER The overall process of risk identification, analysis
and evaluation.
Risk treatment - ANSWER a process to modify risk
Risk management/evaluation process - ANSWER coordinated activities to
direct and control an org with regard to risk.
Treatment options: AVOID, ACCEPT, TRANSFER, REDUCE
Risk Management Lifecycle - ANSWER Identify, analyse, treat, monitor
Residual risk - ANSWER exposure remaining from a specific risk after action
has been taken to manage it, assuming the action is effective
Risk appetite - ANSWER level of risk an org is prepared to accept, tolerate or
be exposed to
Asset value - ANSWER How much the business will lose if the asset is
compromised, how much it is worth in business terms