CISMP 2025/2026 Exam Questions and
Verified Answers | Already Graded A+
Why is a working group a good idea? - 🧠 ANSWER ✔✔You get perspective
from all stakeholders across the business
Confidentiality - 🧠 ANSWER ✔✔The property that information is not made
available or disclosed to unauthorised individuals, entities or processes
Integrity - 🧠 ANSWER ✔✔The property of accuracy and completeness
Availability - 🧠 ANSWER ✔✔The property of informatiuo being accessible
upon demand by an authorised entity
Asset - 🧠 ANSWER ✔✔Anything that has value to an organiation
What are the 3 main types of asset? - 🧠 ANSWER ✔✔1. Physical
2. Software
3. Pure information (in any format)
,What is the difference between data and information? - 🧠 ANSWER
✔✔Data is the basic facts and stats that can be analysed. Information is
the result of this analysis
Threat - 🧠 ANSWER ✔✔A potential cause of an unwanted incident that can
result in harm to an organisation
Vulnerability - 🧠 ANSWER ✔✔A weakness of an asset or control that can
be exploited by one or more threats
Risk - 🧠 ANSWER ✔✔The effect of uncertainty on objectives and the
combination of a threat and a vulnerability
Impact - 🧠 ANSWER ✔✔The result of an info security incident, caused by a
threat, which affects assets
True or False
The threat and vulnerability must be present for a risk to exist - 🧠 ANSWER
✔✔True
What is the purpose of a control? - 🧠 ANSWER ✔✔An activity that is taken
to manage an identified risk
,What are the three main types of strategic control? - 🧠 ANSWER
✔✔Eliminate (Risk avoidance)
Reduce
Transfer
Accept
What is risk avoidance? - 🧠 ANSWER ✔✔The informed decision not to be
involved in, or to withdraw from, an activity in order not to be exposed to a
particular risk
What is risk reduction? - 🧠 ANSWER ✔✔Action is taken to lessen the
probability, negative consequences associated with the risk
What is Risk Transfer? - 🧠 ANSWER ✔✔A form of risk treatment involving
the agreed distribution of risk with other parties
Why does risk transfer help? - 🧠 ANSWER ✔✔It moves accountability for a
risk to another organization that will take on future risk management. For
instance, insurance or writing contracts.
True or False?
COPYRIGHT©PROFFKERRYMARTIN 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE.
PRIVACY STATEMENT. ALL RIGHTS RESERVED
, Risk transfer will reduce accountability and impact - 🧠 ANSWER ✔✔False.
The impact will remain the same
Identity - 🧠 ANSWER ✔✔Info that distinguishes one entity from another
Authentication - 🧠 ANSWER ✔✔Provision of assurance of the claimed
identity of an entity
Authorization - 🧠 ANSWER ✔✔The right or permission that is granted to a
system entity to access a systemresource
Accountability - 🧠 ANSWER ✔✔The property that ensures that the actions
of an entity can be traced uniquely to the entity
Audit - 🧠 ANSWER ✔✔The review of a party's capacity to meet, or continue
to meet, the initial and ongoing approval agreements as a service provider
Compliance - 🧠 ANSWER ✔✔Meeting or exceeding all applicable
requirements or a standard or other published set of requirements
What is an Info Security Management System (ISMS)? - 🧠 ANSWER
✔✔Part of the overall management system, based on a business risk
approach, used to establish, implement, operate, monitor, review, maintain,
and improve info security
Verified Answers | Already Graded A+
Why is a working group a good idea? - 🧠 ANSWER ✔✔You get perspective
from all stakeholders across the business
Confidentiality - 🧠 ANSWER ✔✔The property that information is not made
available or disclosed to unauthorised individuals, entities or processes
Integrity - 🧠 ANSWER ✔✔The property of accuracy and completeness
Availability - 🧠 ANSWER ✔✔The property of informatiuo being accessible
upon demand by an authorised entity
Asset - 🧠 ANSWER ✔✔Anything that has value to an organiation
What are the 3 main types of asset? - 🧠 ANSWER ✔✔1. Physical
2. Software
3. Pure information (in any format)
,What is the difference between data and information? - 🧠 ANSWER
✔✔Data is the basic facts and stats that can be analysed. Information is
the result of this analysis
Threat - 🧠 ANSWER ✔✔A potential cause of an unwanted incident that can
result in harm to an organisation
Vulnerability - 🧠 ANSWER ✔✔A weakness of an asset or control that can
be exploited by one or more threats
Risk - 🧠 ANSWER ✔✔The effect of uncertainty on objectives and the
combination of a threat and a vulnerability
Impact - 🧠 ANSWER ✔✔The result of an info security incident, caused by a
threat, which affects assets
True or False
The threat and vulnerability must be present for a risk to exist - 🧠 ANSWER
✔✔True
What is the purpose of a control? - 🧠 ANSWER ✔✔An activity that is taken
to manage an identified risk
,What are the three main types of strategic control? - 🧠 ANSWER
✔✔Eliminate (Risk avoidance)
Reduce
Transfer
Accept
What is risk avoidance? - 🧠 ANSWER ✔✔The informed decision not to be
involved in, or to withdraw from, an activity in order not to be exposed to a
particular risk
What is risk reduction? - 🧠 ANSWER ✔✔Action is taken to lessen the
probability, negative consequences associated with the risk
What is Risk Transfer? - 🧠 ANSWER ✔✔A form of risk treatment involving
the agreed distribution of risk with other parties
Why does risk transfer help? - 🧠 ANSWER ✔✔It moves accountability for a
risk to another organization that will take on future risk management. For
instance, insurance or writing contracts.
True or False?
COPYRIGHT©PROFFKERRYMARTIN 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE.
PRIVACY STATEMENT. ALL RIGHTS RESERVED
, Risk transfer will reduce accountability and impact - 🧠 ANSWER ✔✔False.
The impact will remain the same
Identity - 🧠 ANSWER ✔✔Info that distinguishes one entity from another
Authentication - 🧠 ANSWER ✔✔Provision of assurance of the claimed
identity of an entity
Authorization - 🧠 ANSWER ✔✔The right or permission that is granted to a
system entity to access a systemresource
Accountability - 🧠 ANSWER ✔✔The property that ensures that the actions
of an entity can be traced uniquely to the entity
Audit - 🧠 ANSWER ✔✔The review of a party's capacity to meet, or continue
to meet, the initial and ongoing approval agreements as a service provider
Compliance - 🧠 ANSWER ✔✔Meeting or exceeding all applicable
requirements or a standard or other published set of requirements
What is an Info Security Management System (ISMS)? - 🧠 ANSWER
✔✔Part of the overall management system, based on a business risk
approach, used to establish, implement, operate, monitor, review, maintain,
and improve info security
