CISMP EXAM QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS VERIFIED BY EXPERT 2024/2025
6 views 0 purchase
Course
CISMP
Institution
CISMP
CISMP EXAM QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS VERIFIED BY EXPERT 2024/2025
Confidentiality
Information not disclosed to unauthorised people, entities or processes
What should be included in an IA policy?
How IA would be managed, how it should be communicated to users, statement of ...
cismp exam questions and answers with complete sol
Written for
CISMP
All documents for this subject (43)
Seller
Follow
NurseAdvocate
Reviews received
Content preview
CISMP EXAM QUESTIONS AND ANSWERS WITH COMPLETE
SOLUTIONS VERIFIED BY EXPERT 2024/2025
Confidentiality
Information not disclosed to unauthorised people, entities or processes
What should be included in an IA policy?
How IA would be managed, how it should be communicated to users, statement of
support from senior management, protection of IA assets and how they will comply with
legal and regulatory obligations, consequences of non compliance.
Integrity
Accuracy and completeness
Availability
Property of information being accessible to individuals with the authority
Non-repudiation
Assurance that information validity cannot be denied (having sent or created etc.). Proof
of origin and integrity of data
Cyber Security
The protection of privacy, integrity and accessibility of information
Asset
Anything of value to an organisation (information, physical or software)
How are assets valued and what five aspects are considered?
,This is done using a Business Impact Assessment that will consider:
1. Cost of loss/unavailability (time)
2. Cost of recovery (back to BAU)
3. Value to a competitor (how much they would pay to get this asset)
4. Impact on brand reputation and customer loyalty
5. Cost of damage to other operations
Threat
Cause of an unwanted incident that may result in harm (can be subjective)
Vulnerability
Weakness in an asset/control that can be exploited by a threat/Risk
Risks arise when a threat and vulnerability are present - they are the effect of
uncertainty on acheiving an objective.
Impact
Result of an incident caused by a threat - this drives the controls put into place
What is an information security policy and what should it contain?
This is a policy for information assets and should contain statements acknowledging risk
exists, it's seriousness and that it has been considered by persons of correct authority
What are controls? And what four types of controls are there?
,Controls are activities that manage risk.
1. Reduce: lesson the probability of occurrence or lower the impact (risk = likelihood X
impact)
2. Eliminate: completely avoid activity that results in risk
3. Transfer: make another organisation responsible through contracts or insurance (only
covers financial).
4. Accept: Tolerate when impacts/likelihood are too small to justify the cost of mitigation.
What is defence in a. depth and b. breadth?
Depth: interconnection so attacks need to consider more than one system when
targeting a single system.
Breadth: layers of security increasing in complexity with more critical assets
Identity
Information that distinguishes one entity (can be people or information assets) from
another in a given domain without ambiguity
What is the AAA Framework and what does it include?
Way to understand the access ability of individuals within an organisation.
1.Authentication: assurance of the claimed identity of the entity to a level of appropriate
, confidence (what they know, who they are, what they have)
2. Authorisation: correct permissions granted to a system entity for access to a
resource.
3. Accounting: usage monitoring using SIEM to understand what they are accessing or
attempting to access.
Accountability
Property of a process that ensures the actions of an entity can be traced back to a
unique identity. Every action in a system must have someone accountable.
Audit
Review of a party's capacity to meet approval agreements, check records that actions
have been carried out correctly, no misuse of the system and identify gaps in system
functionality.
Compliance
Meeting all application requirements outlined in a standard/published set of
requirements
Information security professionalism and ethics?
Trust is most highly valued as security professionals get access to very important
information
What is an Information Security Management System? (ISMS)
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller NurseAdvocate. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.99. You're not tied to anything after your purchase.
