CIPS L6M7 Exam Questions
Commercial Data Management (Page 7)

Updated On: 16-Feb-2026

David works in the Accounts department of Touchdown Ltd. He has received an email from a sender he is unfamiliar with. The email asks him to look at an invoice which the sender believes includes an error. There is an attachment to the email. David has recently undergone Cyber Security training and is suspicious of the email.
What type of security threat does David think the email contains?

  1. Hacking
  2. Phishing
  3. Social engineering
  4. SQL injection

Answer(s): B

Explanation:

This is an example of a phishing email. Phishing is when a cybercriminal deceives a user in order to do something malicious, such as steal data or put a virus on their computer. In this case, they're pretending to be a supplier and want David to open an email attachment, which is probably not an invoice. See p.148
Domain: 3.1



In relation to cyber security, what would be the benefit of a public sector organisation joining a Group Purchasing Organisation (GPO)?

  1. The GPO can result in cost savings for the organisation due to aggregate spending
  2. The GPO is a third party who can host data on behalf of members, thus reducing the risk of hacking
  3. The GPO takes on the burden of checking suppliers' security policies and procedures
  4. The GPO provides training on cyber security to public sector organisations

Answer(s): C

Explanation:

A GPO is the same as a Buying Consortium: it's when multiple organisations pool resources and procure together. The GPO/Consortium does the legwork for procurement activities such as vetting suppliers. This is one advantage of using them: they have the expertise to weed out unsuitable suppliers. Option A is a true statement but doesn't relate to cyber security. P.167
Domain: 3.1



Zach is the Head of Procurement at a super secret military base. He does not want anyone outside of the base to know what he is procuring or which suppliers he uses as this information could be critical to national defence. He is aware that cyber criminals may be interested in stealing this information so he has decided to disconnect critical machines and systems from the internet.
What is this approach to data security known as?

  1. Unsyncing
  2. Non-repudiation
  3. Filtering
  4. Air-gapping

Answer(s): D

Explanation:

This is air-gapping. Air-gapping is when you disconnect from an outside network such as the internet.
P.171
Domain: 3.1



Wiggles Ltd works closely with a supplier called Waggles Incorporated. They are considering a merger but this is not yet public knowledge. The CEOs of each organisation have acknowledged the risk of cyber security in relation to the negotiation and have decided to restrict communications between the organisations on the matter to only a few select individuals.
What form of cyber threat does this reduce?

  1. Installation of malware on hardware devices
  2. Social engineering and phishing
  3. Spreading of rumours
  4. Denial of service

Answer(s): B

Explanation:

If most employees at Wiggles and Waggles don't know the information, they are pointless targets for social engineering. You can only get information from someone who knows something. Option C is incorrect: although restricting information will reduce rumours, this isn't a cyber threat. P.170
Domain: 3.1



Oliver has recently purchased some USB drives for his team. These are small portable storage devices that can hold data. He has sought assurances from the manufacturer that these are safe to use and do not contain viruses.
Which of the following should he receive?

  1. A warranty
  2. A guarantee
  3. Evidence of quality assurance testing
  4. Evidence the packaging has not been tampered with

Answer(s): C

Explanation:

The manufacturer should provide evidence that the USB devices have been quality assured prior to purchase. Options A and B are incorrect because these relate to the items being fit for purpose for the next couple of years, rather than ensuring there isn't any virus on them now. Option D is also incorrect because it's possible for viruses to be installed on the device before it's packaged. P.177
Domain: 3.2





