CISMP V9 Example Questions With
Complete Solutions | 2024/2025 | 100%
Pass
What is the primary goal of information security?
A) To eliminate all security risks
B) To manage and mitigate risks to an acceptable level
C) To ensure all employees follow security protocols
D) To prevent unauthorized access to the internet
✔✔ B) To manage and mitigate risks to an acceptable level
Which of the following is a key component of an effective security policy?
A) Complexity and length
B) Clarity and enforceability
C) Exclusivity for IT staff only
D) General guidelines without specifics
✔✔ B) Clarity and enforceability
What does the acronym "CIA" in information security stand for?
1
,A) Confidentiality, Integrity, Accessibility
B) Compliance, Integrity, Audit
C) Confidentiality, Integrity, Availability
D) Control, Integrity, Availability
✔✔ C) Confidentiality, Integrity, Availability
Which framework provides guidelines for establishing an Information Security Management
System (ISMS)?
A) COBIT
B) NIST
C) ISO/IEC 27001
D) ITIL
✔✔ C) ISO/IEC 27001
What is the purpose of a risk assessment in information security?
A) To identify assets
B) To evaluate the effectiveness of security policies
C) To identify and evaluate risks
2
,D) To develop incident response plans
✔✔ C) To identify and evaluate risks
Which of the following is an example of a physical security control?
A) Passwords
B) Firewalls
C) Security cameras
D) Data encryption
✔✔ C) Security cameras
What type of attack involves overwhelming a system to disrupt services?
A) Phishing
B) Denial of Service (DoS)
C) Man-in-the-Middle
D) Social Engineering
✔✔ B) Denial of Service (DoS)
What is the role of security awareness training for employees?
3
, A) To promote software use
B) To enhance knowledge of security threats
C) To teach coding skills
D) To reduce the need for IT staff
✔✔ B) To enhance knowledge of security threats
What is a security incident?
A) A planned audit of security protocols
B) Any event that compromises the integrity of information
C) Regular updates to security software
D) A security awareness seminar
✔✔ B) Any event that compromises the integrity of information
How often should security policies be reviewed?
A) Every five years
B) Only when a security breach occurs
C) Regularly, at least annually
D) Never, once created
4
Complete Solutions | 2024/2025 | 100%
Pass
What is the primary goal of information security?
A) To eliminate all security risks
B) To manage and mitigate risks to an acceptable level
C) To ensure all employees follow security protocols
D) To prevent unauthorized access to the internet
✔✔ B) To manage and mitigate risks to an acceptable level
Which of the following is a key component of an effective security policy?
A) Complexity and length
B) Clarity and enforceability
C) Exclusivity for IT staff only
D) General guidelines without specifics
✔✔ B) Clarity and enforceability
What does the acronym "CIA" in information security stand for?
1
,A) Confidentiality, Integrity, Accessibility
B) Compliance, Integrity, Audit
C) Confidentiality, Integrity, Availability
D) Control, Integrity, Availability
✔✔ C) Confidentiality, Integrity, Availability
Which framework provides guidelines for establishing an Information Security Management
System (ISMS)?
A) COBIT
B) NIST
C) ISO/IEC 27001
D) ITIL
✔✔ C) ISO/IEC 27001
What is the purpose of a risk assessment in information security?
A) To identify assets
B) To evaluate the effectiveness of security policies
C) To identify and evaluate risks
2
,D) To develop incident response plans
✔✔ C) To identify and evaluate risks
Which of the following is an example of a physical security control?
A) Passwords
B) Firewalls
C) Security cameras
D) Data encryption
✔✔ C) Security cameras
What type of attack involves overwhelming a system to disrupt services?
A) Phishing
B) Denial of Service (DoS)
C) Man-in-the-Middle
D) Social Engineering
✔✔ B) Denial of Service (DoS)
What is the role of security awareness training for employees?
3
, A) To promote software use
B) To enhance knowledge of security threats
C) To teach coding skills
D) To reduce the need for IT staff
✔✔ B) To enhance knowledge of security threats
What is a security incident?
A) A planned audit of security protocols
B) Any event that compromises the integrity of information
C) Regular updates to security software
D) A security awareness seminar
✔✔ B) Any event that compromises the integrity of information
How often should security policies be reviewed?
A) Every five years
B) Only when a security breach occurs
C) Regularly, at least annually
D) Never, once created
4
