CIPS L6M7 Exam Questions
Commercial Data Management (Page 2)

Updated On: 16-Feb-2026

Which of the following approaches to cyber security takes a bottom-up approach to assessing vulnerabilities meticulously item by item?

  1. system approach
  2. technology approach
  3. elementary approach
  4. component approach

Answer(s): D

Explanation:

This is the component approach: it looks at each individual component (each part of the IT system) in turn to check it's okay.
When a component is not directly controlled by the organisation (e.g. something to do with a supplier), this is called a dependency. The component approach is a bottom-up approach and is the opposite of the top-down approach, which is called the 'system driven approach'.
P.179
Domain: 3.2



Data Processing includes which of the following steps?

  1. Acquisition
  2. Reporting
  3. Controlling
  4. Processing
  5. Storing

Answer(s): A,B,D,E

Explanation:

The Data Processing cycle is acquisition - processing - reporting - storing. Do learn this off by heart. The term processing means anything from using data, to altering it, to moving it or publishing it. A data controller is a person or organisation that determines how the data is processed, but it's rarely used as a verb (you don't say I'm 'controlling' the data). P. 121 Domain: 2.3



Francis bought a car 4 years ago and is unsure if the company has any data on her.
What can Francis do?

  1. Make a Subject Access Request
  2. Make a Freedom of Information Request
  3. Nothing - the car company will not have data on her as this was 4 years ago
  4. Nothing - the car company does not need to reveal what information it holds about customers

Answer(s): A

Explanation:

Francis can make a Subject Access Request. This is when you ask 'what data do you hold about me?'. The company must respond within 40 calendar days. A Freedom of Information request is different: this is when a member of the public asks the government to reveal information such as 'how much money have you spent on replacing toilet seats in Parliament?'. P.127 Domain: 2.3



In order to keep data secure, which three things should be considered?

  1. Access, accuracy, confidentiality
  2. Location, availability, access
  3. Integrity, location, format
  4. Confidentiality, availability, integrity

Answer(s): D

Explanation:

This is the CIA triangle which is from p.143. The three aspects are the three corners of the triangle. Remember this one for the exam as I've heard it comes up frequently. Just remember data security = CIA = confidentiality, integrity and availability.
Domain: 3.1



A person who enters into another person's computer via illegal means for personal gain, for example to steal data which will benefit them personally, is known as what?

  1. Black-hat hacker
  2. White-hat hacker
  3. Black swan
  4. White swan

Answer(s): A

Explanation:

This is a black-hat hacker. The colour of hat the hacker wears describes their motivation. Black is bad, white is good and grey means they're hacking on behalf of a government. Black swan is about finding patterns in data that don't exist and came up in an earlier chapter. Black-hat hacking is from p.147. I don't think hackers are obliged to wear hats; it's probably just a metaphor, but I've never met one to ask.
Domain: 3.1





