Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
All Vendors
  2. Home
  3. Exams
  4. CIPS
  5. L6M7

Free CIPS L6M7 Exam Questions (page: 5)

Page 2 of 12
PDF with 83 Questions

Which of the following approaches to cyber security takes a bottom-up approach to assessing vulnerabilities meticulously item by item?

  1. system approach
  2. technology approach
  3. elementary approach
  4. component approach

Answer(s): D

Explanation:

This is the component approach - it looks at each individual component (each part of the IT system) in turn to check its okay.
When a component is not directly controlled by the organisation (e.g. something to do with a supplier) this is called a dependency. Component approach is a bottom-up approach and is the opposite of the top-down approach which is called the 'system driven approach'.
P.179
Domain: 3.2



Data Processing includes which of the following steps?

  1. Acquisition
  2. Reporting
  3. Controlling
  4. Processing
  5. Storing

Answer(s): A,B,D,E

Explanation:

The Data Processing cycle is acquisition - processing - reporting- storing. Do learn this off by heart. The term processing means anything from using data, to altering it, to moving it or publishing it. Data controller is a person or organisation that determines how the data is processed, but it's rarely used as a verb (you don't say I'm 'controlling' the data'). P. 121 Domain: 2.3



Francis bought a car 4 years ago and is unsure if the company has any data on her.
What can Francis do?

  1. Make a Subject Access Request
  2. Make a Freedom of Information Request
  3. Nothing - the car company will not have data on her as this was 4 years ago
  4. Nothing - the car company does not need to reveal what information it holds about customers

Answer(s): A

Explanation:

Francis can make a Subject Access Request. This is when you ask what data do you hold about me. The company must respond within 40 calendar days. A Freedom of Information request is different-this is when a member of the public asks the government to reveal information such as 'how much money have you spent on replacing toilet seats in Parliament?'. P.127 Domain: 2.3



In order to keep data secure, which three things should be considered?

  1. Access, accuracy, confidentiality
  2. Location, availability, access
  3. Integrity, location, format
  4. Confidentiality, availability, integrity

Answer(s): D

Explanation:

This is the CIA triangle which is from p.143. The three aspects are the three corners of the triangle. Remember this one for the exam as I've heard it comes up frequently. Just remember data security = CIA = confidentiality, integrity and availability.
Domain: 3.1



A person who enters into another person's computer via illegal means for personal gain, for example to steal data which will benefit them personally, is known as what?

  1. Black-hat hacker
  2. White-hat hacker
  3. Black swan
  4. White swan

Answer(s): A

Explanation:

This is a black hat hacker. The colour of hat the hacker wears describes their motivation. Black is bad, white is good and grey means they're hacking on behalf of a government. Black swan is about finding patterns in data that don't exist and came up in an earlier chapter. Black-hat hacking is from p.147. I don't think hackers are obliged to wear hats, it's probably just a metaphor, but I've never met one to ask.
Domain: 3.1



David works in the Accounts department of Touchdown Ltd. He has received an email from a sender he is unfamiliar with. The email asks him to look at an invoice which the sender believes includes an error. There is an attachment to the email. David has recently undergone Cyber Security training and is suspicious of the email.
What type of security threat does David think the email contains?

  1. Hacking
  2. Phishing
  3. Social engineering
  4. SQL injection

Answer(s): B

Explanation:

This is an example of a phishing email. Phishing is when a cybercriminal tries to do something malicious like steal data or put a virus on your computer by deceiving the user. In this case, they're pretending to be a supplier and want David to open an email attachment, which is probably not an invoice. See p.148
Domain: 3.1



In relation to cyber security, what would be the benefit of a public sector organisation joining a Group Purchasing Organisation (GPO)?

  1. The GPO can result in cost savings for the organisation due to aggregate spending
  2. The GPO is a third party who can host data on behalf of members, thus reducing the risk of hacking
  3. The GPO takes on the burden of checking suppliers' security policies and procedures
  4. The GPO provides training on cyber security to public sector organisations

Answer(s): C

Explanation:

A GPO is the same as a Buying Consortium--it's when multiple organisations pool resources and procure together. The GPO/Consortium does the legwork for procurement activities such as vetting suppliers. This is one advantage of using them--they have the expertise to weed out unsuitable suppliers. Option A is a true statement but doesn't relate to cyber security. P.167 Domain: 3.1



Zach is the Head of Procurement at a super secret military base. He does not want anyone outside of the base to know what he is procuring or which suppliers he uses as this information could be critical to national defence. He is aware that cyber criminals may be interested in stealing this information so he has decided to disconnect critical machines and systems from the internet.
What is this approach to data security known as?

  1. Unsyncing
  2. Non-repudiation
  3. Filtering
  4. Air-gapping

Answer(s): D

Explanation:

This is air-gapping. Air-gapping is when you disconnect from an outside network such as the internet.
P.171
Domain: 3.1



Viewing page 5 of 12



Post your Comments and Discuss CIPS L6M7 exam prep with other Community members:

L6M7 Exam Discussions & Posts