CIPS L6M7 Exam Practice Test Instant Access

Question 1

Zach is the Head of Procurement at a super secret military base. He does not want anyone outside of the base to know what he is procuring or which suppliers he uses as this information could be critical to national defence. He is aware that cyber criminals may be interested in stealing this information so he has decided to disconnect critical machines and systems from the internet. What is this approach to data security known as?

AUnsyncing

BNon-repudiation

CFiltering

DAir-gapping

Answer : D

This is air-gapping. Air-gapping is when you disconnect from an outside network such as the internet. P.171

Domain: 3.1

Question 2

Henry is the Head of IT at Purple Rain Ltd and is presenting a case to the Senior Leadership Team to ask for more investment in the company's IT strategy. Henry believes the company has an issue with data resilience and is asking for more money to be invested in this. He has completed a Business Impact Assessment (BIA) to better understand what data the company holds. Jon is the Head of Procurement and has listened intently to Henry's presentation. He has decided to go back to his department and complete a thorough risk assessment, as he is aware his team holds a lot of data on suppliers and contracts. The CEO of Purple Rain, Roger Nelson, has asked Henry about next steps in order to protect the company from further risks associated with the IT strategy. Data is currently stored on servers located at Purple Rain's Headquarters. The server room is locked at all times of the day and is only accessible to staff members who have a key. The building itself is extremely secure with CCTV systems located both inside the server room and outside it. However, the server room is prone to overheating.

What is the biggest risk to the data?

ASupply chain issues

BEquipment failure or malfunction

CWorkforce issues

DPhysical break-ins or hacking

Answer : B

The most significant risk in this scenario is equipment failure or malfunction due to the overheating server room. If the servers overheat and fail, it could lead to data loss or system downtime. (P.106)

Question 3

Fluffy Pillows Ltd has recently expanded its operations and has hired more staff. These staff will work remotely, and because of this, Fluffy Pillows Ltd is in need of buying and upgrading their IT systems. The CEO of Fluffy Pillows is examining the security of currently held data in preparation for the expansion and has recently completed a document that looks into what data is stored where and what the consequences would be if this data were to be stolen or corrupted. In his research, he has found multiple data entries for the same information, which he believes could lead to inaccuracies in data reporting. He is also concerned that the data isn't being stored securely and is unsure whether he should retain some of the confidential personal details on employees who have left the business. He has decided that along with the introduction of new systems, it is important that all members of staff at Fluffy Pillows are aware of the responsibilities of storing data correctly and the risks of cyber attacks.

How can Fluffy Pillows ensure data is accessible for the new staff members who work from home?

ACloud storage

BUSB devices

CPortable laptops

DNetwork Attached Storage

Answer : A

Cloud storage is the answer. All the new people will be working in different places, so there needs to be a central place for them to access documents. Physical storage options such as USBs, laptops, and network-attached storage devices wouldn't work.

Domain: Scenario

Question 4

Data Processing includes which of the following steps?

AAcquisition

BReporting

CControlling

DProcessing

EStoring

Answer : A, B, D, E

The Data Processing cycle is acquisition - processing - reporting- storing. Do learn this off by heart. The term processing means anything from using data, to altering it, to moving it or publishing it. Data controller is a person or organisation that determines how the data is processed, but it's rarely used as a verb (you don't say I'm 'controlling' the data'). P. 121

Domain: 2.3

Question 5

In relation to cyber security, what would be the benefit of a public sector organisation joining a Group Purchasing Organisation (GPO)?

AThe GPO can result in cost savings for the organisation due to aggregate spending

BThe GPO is a third party who can host data on behalf of members, thus reducing the risk of hacking

CThe GPO takes on the burden of checking suppliers' security policies and procedures

DThe GPO provides training on cyber security to public sector organisations

Answer : C

A GPO is the same as a Buying Consortium---it's when multiple organisations pool resources and procure together. The GPO/Consortium does the legwork for procurement activities such as vetting suppliers. This is one advantage of using them---they have the expertise to weed out unsuitable suppliers. Option A is a true statement but doesn't relate to cyber security. P.167

Domain: 3.1

Question 6

What are the three size characteristics of 'Big Data'? Select THREE.

AVolume

BVariety

CVeracity

DVelocity

EVerity

Answer : A, B, D

The Three Vs of Big Data are:

Volume = Large size

Variety = Different data types (text, images, etc.)

Velocity = The speed at which data is generated

Question 7

A person who enters into another person's computer via illegal means for personal gain, for example to steal data which will benefit them personally, is known as what?

ABlack-hat hacker

BWhite-hat hacker

CBlack swan

DWhite swan

Answer : A

This is a black hat hacker. The colour of hat the hacker wears describes their motivation. Black is bad, white is good and grey means they're hacking on behalf of a government. Black swan is about finding patterns in data that don't exist and came up in an earlier chapter. Black-hat hacking is from p.147. I don't think hackers are obliged to wear hats, it's probably just a metaphor, but I've never met one to ask.

Domain: 3.1

CIPS Commercial Data Management L6M7 Exam Practice Test