ALL RIGHTS RESERVED.
BCS CISMP Exam Questions With Verified
Answers
Which of the following doesn't apply to risk?
a) Risk is the effect of uncertainty on objectives
b) When assessing risk you should take into account the consequence and likelihood of security incidents
c) Risk is the possibility that a threat actor will exploit a vulnerability to create a security incident
d) In order to assess risk you will need an understanding of your organisation's assets and its vulnerabilities, as well as the threats, both internal and external, that it faces - Answers✔C
Which of the following is true?
a) An unpatched web server is a threat
b) An unencrypted corporate wireless LAN is a threat
c) Both of the above
d) None of the above - Answers✔D
Which of the following is not a vulnerability?
a) A misconfigured firewall
b) A script kiddie
c) Both of the above
d) None of the above - Answers✔B
ISMS stands for...
a) Integrated Security Management System
b) Information System Managed Security
c) Information Security Management System
d) Integrated System for Managed Security - Answers✔C
When accessing an IT system, the order of events is...
a) Authentication, Identification, Authorisation
b) Identification, Authorisation, Authentication
c) Authorisation, Identification, Authentication
d) None of the above - Answers✔D
According to NIST definitions, which of the following is not an essential characteristic of cloud computing?
a) Access through value-added networks using proprietary protocols
b) Rapid elasticity
c) Location-independent resource pooling
d) On-demand self-service - Answers✔A
A web service available to the public has been compromised. The hackers were able to copy passwords and modify them. Which information security principles will have been violated by the breach?
a) Confidentiality and integrity only
b) Integrity and availability only
c) Availability and confidentiality only
d) Confidentiality, integrity and availability - Answers✔D
When considering the deployment of a new information system, which of the following is correct?
a) The system should be accredited before being certified
b) Certification is a formal assessment of the information system against information assurance requirements, resulting in the acceptance of residual risk in the context of business requirements and formal approval by management
c) Accreditation is a comprehensive assessment of the system's security controls to determine whether they meet the security requirements of the system
d) The system should be certified before being accredited - Answers✔D
When valuing an asset, what should you take into consideration? Select the best answer.
a) Its replacement cost
b) Lost revenue while the asset is unavailable
c) Lost business owing to reputational damage
d) All of the above - Answers✔D
Which of the following is a tangible asset?
a) Brand image
b) A data record stored on a hard drive
c) Reputation
d) None of the above - Answers✔B
Which of the following lists UK Government data classifications (in decreasing order of sensitivity and criticality)?
a) TOP SECRET, SECRET, OFFICIAL, PUBLIC
b) SECRET, OFFICIAL-SENSITIVE, UNCLASSIFIED
c) TOP SECRET, SECRET, OFFICIAL
d) TOP SECRET, SECRET, OFFICIAL-SENSITIVE, PUBLIC - Answers✔C