ANSWERS 100% CORRECT
Threat Sources for Systems Privacy and Security
1. Humans, including employee saboteurs and hackers
2. Natural disasters or other environmental events
Risk mitigation process
Ways used to lower the factor of risk. It includes an action that can be taken to lower
the risk, controls that will help lower the risk, and documentation of the residual risk.
AAA or triple A
1. Approach
2. Authentication
3. Accounting
Authentication
1. Something the user knows
2. Something the user has (token)
3. Biometric (fingerprint)
Physical safeguards
Physical safeguards are the measures, policies and procedures that protect electronic
information systems from natural and environmental hazards as well as unauthorized
intrusion. Examples of physical safeguards include data centers located outside a
floodplain, having redundant sources of power and limiting access to server rooms or
areas where data may be accessed or damaged.
Network diagrams, including the location and configuration of firewalls, servers and
routers, must be maintained.
Strategy
A master plan to achieve one or more long-range or overall objectives under uncertainty
SWOT analysis
A planning tool for examining information on an organization's: strengths, weaknesses,
opportunities and threats
Page 1 of 56
IT Strategic plan
A set of long-term objectives that describes the IT infrastructure along with the major IT
initiatives necessary to accomplish the organization's objectives
Test Strategies
1. testing scope and objectives
2. testing tools and automation
3. Risks and mitigation
4. Testing roles and responsibilities
5. Testing measurements and metrics
6. Defect reporting and tracking
Manual testing - tools required
1. Written test plan
2. Test script
3. Method of recording test results
Black Box Testing
Also known as Functional testing.
Uses the program specification to develop test data covering I/O and program functions.
The tester has no knowledge of the internal operations of the system.
White box testing
Tests the internal structures of the system as opposed to its functionality.
Also known as structure testing
Grey Box Testing
Gray-box testing is a combination of white-box testing and black-box testing. The goal of
this testing is to search for defects, if any, due to improper structure or improper usage
of applications.
The tester knows the expected functionality and has some understanding of the internal
structures.
What are 3 testing types performed at specific levels of development?
1. unit level testing
2. integration testing
3. system testing
3 Examples of Objective testing
1. stress
2. user acceptance
3. regression
Unit testing
Smallest part of an application that can be independently tested
Unit tests are
Written by programmers and white-box testers during the development of the
application.
Used to guarantee that pieces function in isolation, but on their own they cannot be relied
on to show that the functions are valid.
Integration testing
Integration testing is the systematic testing of individual software modules,
applications, or units that have been integrated together, testing them as a combined
entity for the purpose of finding interface defects between the integrated components
and seeing how well they interact with each other.
- This type is mostly applied in gray-box testing: the tester needs to be informed of
the internal code of the individual units and also of the expected system functionality.
System Testing
Carried out on a full, integrated system to assess the system's conformity with its set
requirements.
Stress testing
Looks at the stability of the system. Tests beyond normal operational capacity, sometimes
to a breaking point, to see what happens as a result.
Acceptance testing
To check that requirements of a specification or contract are satisfied and to verify
successful system implementation.
3 types of test controls
1. Version controls or revision controls
2. Security audits
3. Change controls
Version control
Monitors and gives control over the different changes made to source code.
Sometimes, software developers and testers make use of version control software to
maintain documentation and configuration files along with source code.
Also known as revision control
Change control