CISMP FINAL EXAM REVIEW
QUESTIONS (SOLVED)
Which of the following doesn't apply to risk?
a) Risk is the effect of uncertainty on objectives
b) When assessing risk you should take into account the consequence and likelihood of security
incidents
c) Risk is the possibility that a threat actor will exploit a vulnerability to create a security incident
d) In order to assess risk you will need an understanding of your organisation's assets and its
vulnerabilities, as well as the threats, both internal and external, that it faces - C
Which of the following is true?
a) An unpatched web server is a threat
b) An unencrypted corporate wireless LAN is a threat
c) Both of the above
d) None of the above - D
Which of the following is not a vulnerability?
a) A misconfigured firewall
b) A script kiddie
c) Both of the above
d) None of the above - B
ISMS stands for...
a) Integrated Security Management System
b) Information System Managed Security
c) Information Security Management System
d) Integrated System for Managed Security - C
When accessing an IT system, the order of events is...
a) Authentication, Identification, Authorisation
b) Identification, Authorisation, Authentication
c) Authorisation, Identification, Authentication
d) None of the above - D
, According to NIST definitions, which of the following is not an essential characteristic of cloud
computing?
a) Access through value-added networks using proprietary protocols
b) Rapid elasticity
c) Location-independent resource pooling
d) On-demand self-service - A
A web service available to the public has been compromised. The hackers were able to copy
passwords and modify them. Which information security principles will have been violated by
the breach?
a) Confidentiality and integrity only
b) Integrity and availability only
c) Availability and confidentiality only
d) Confidentiality, integrity and availability - D
When considering the deployment of a new information system, which of the following is
correct?
a) The system should be accredited before being certified
b) Certification is a formal assessment of the information system against information assurance
requirements, resulting in the acceptance of residual risk in the context of business
requirements and formal approval by management
c) Accreditation is a comprehensive assessment of the system's security controls to determine
whether they meet the security requirements of the system
d) The system should be certified before being accredited - D
When valuing an asset, what should you take into consideration? Select the best answer.
a) Its replacement cost
b) Lost revenue while the asset is unavailable
c) Lost business owing to repetitional damage
d) All of the above - D
Which of the following is a tangible asset?
a) Brand image
b) A data record stored on a hard drive
c) Reputation
d) None of the above - B
Which of the following lists UK Government data classifications (in decreasing order of
sensitivity and criticality)?
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper Knowledgekings. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €4,48. Je zit daarna nergens aan vast.
