CIPS L6M7 Exam Questions Instant Access - No Installation Required

Question 1

Henry is the Head of IT at Purple Rain Ltd and is presenting a case to the Senior Leadership Team to ask for more investment in the company's IT strategy. Henry believes the company has an issue with data resilience and is asking for more money to be invested in this. He has completed a Business Impact Assessment (BIA) to better understand what data the company holds. Jon is the Head of Procurement and has listened intently to Henry's presentation. He has decided to go back to his department and complete a thorough risk assessment, as he is aware his team holds a lot of data on suppliers and contracts. The CEO of Purple Rain, Roger Nelson, has asked Henry about next steps in order to protect the company from further risks associated with the IT strategy. Data is currently stored on servers located at Purple Rain's Headquarters. The server room is locked at all times of the day and is only accessible to staff members who have a key. The building itself is extremely secure with CCTV systems located both inside the server room and outside it. However, the server room is prone to overheating.

What is Henry's primary concern?

AThe accuracy of the data is questionable

BThere is a lack of data to inform business requirements

CThe company may not be able to recover quickly from disruption

DThe data has gone missing

Answer : C

Data resilience refers to a company's ability to recover quickly from disruption, such as power outages or physical damage (e.g., flooding of IT equipment). Henry's concern is that the current setup lacks resilience in case of an incident. (P.102)

Question 2

What are the three size characteristics of 'Big Data'? Select THREE.

AVolume

BVariety

CVeracity

DVelocity

EVerity

Answer : A, B, D

The Three Vs of Big Data are:

Volume = Large size

Variety = Different data types (text, images, etc.)

Velocity = The speed at which data is generated

Question 3

Data Processing includes which of the following steps?

AAcquisition

BReporting

CControlling

DProcessing

EStoring

Answer : A, B, D, E

The Data Processing cycle is acquisition - processing - reporting- storing. Do learn this off by heart. The term processing means anything from using data, to altering it, to moving it or publishing it. Data controller is a person or organisation that determines how the data is processed, but it's rarely used as a verb (you don't say I'm 'controlling' the data'). P. 121

Domain: 2.3

Question 4

Zach is the Head of Procurement at a super secret military base. He does not want anyone outside of the base to know what he is procuring or which suppliers he uses as this information could be critical to national defence. He is aware that cyber criminals may be interested in stealing this information so he has decided to disconnect critical machines and systems from the internet. What is this approach to data security known as?

AUnsyncing

BNon-repudiation

CFiltering

DAir-gapping

Answer : D

This is air-gapping. Air-gapping is when you disconnect from an outside network such as the internet. P.171

Domain: 3.1

Question 5

Wiggles Ltd works closely with a supplier called Waggles Incorporated. They are considering a merger but this is not yet public knowledge. The CEOs of each organisation have acknowledged the risk of cyber security in relation to the negotiation and have decided to restrict communications between the organisations on the matter to only a few select individuals. What form of cyber threat does this reduce?

AInstallation of malware on hardware devices

BSocial engineering and phishing

CSpreading of rumours

DDenial of service

Answer : B

If most employees at Wiggles and Waggles don't know the information, they are pointless targets for social engineering. You can only get information from someone who knows something. Option C is incorrect---although restricting information will reduce rumours, this isn't a cyber threat. P.170

Domain: 3.1

Question 6

What should Henry's next steps be?

ASubmit a budget request to increase the IT Security budget

BTrain all members of staff in the importance of password-protecting their work and the dangers of phishing

CContract a third-party cloud storage provider to manage the data on behalf of Purple Rain Ltd

DComplete a Priority Assessment and Recovery Objectives

Answer : D

Given Henry's focus on data resilience, the next logical step is to complete a Priority Assessment and define Recovery Objectives. This will help identify which data and systems are most at risk and require immediate attention in the Data Resilience Plan. (P.105)

Question 7

In relation to cyber security, what would be the benefit of a public sector organisation joining a Group Purchasing Organisation (GPO)?

AThe GPO can result in cost savings for the organisation due to aggregate spending

BThe GPO is a third party who can host data on behalf of members, thus reducing the risk of hacking

CThe GPO takes on the burden of checking suppliers' security policies and procedures

DThe GPO provides training on cyber security to public sector organisations

Answer : C

A GPO is the same as a Buying Consortium---it's when multiple organisations pool resources and procure together. The GPO/Consortium does the legwork for procurement activities such as vetting suppliers. This is one advantage of using them---they have the expertise to weed out unsuitable suppliers. Option A is a true statement but doesn't relate to cyber security. P.167

Domain: 3.1

CIPS Commercial Data Management L6M7 Exam Questions