Which of the following approaches to cyber security takes a bottom-up approach to assessing vulnerabilities meticulously item by item?
Answer(s): D
This is the component approach - it looks at each individual component (each part of the IT system) in turn to check its okay. When a component is not directly controlled by the organisation (e.g. something to do with a supplier) this is called a dependency. Component approach is a bottom-up approach and is the opposite of the top-down approach which is called the 'system driven approach'.P.179Domain: 3.2
Data Processing includes which of the following steps?
Answer(s): A,B,D,E
The Data Processing cycle is acquisition - processing - reporting- storing. Do learn this off by heart. The term processing means anything from using data, to altering it, to moving it or publishing it. Data controller is a person or organisation that determines how the data is processed, but it's rarely used as a verb (you don't say I'm 'controlling' the data'). P. 121 Domain: 2.3
Francis bought a car 4 years ago and is unsure if the company has any data on her. What can Francis do?
Answer(s): A
Francis can make a Subject Access Request. This is when you ask what data do you hold about me. The company must respond within 40 calendar days. A Freedom of Information request is different-this is when a member of the public asks the government to reveal information such as 'how much money have you spent on replacing toilet seats in Parliament?'. P.127 Domain: 2.3
In order to keep data secure, which three things should be considered?
This is the CIA triangle which is from p.143. The three aspects are the three corners of the triangle. Remember this one for the exam as I've heard it comes up frequently. Just remember data security = CIA = confidentiality, integrity and availability.Domain: 3.1
A person who enters into another person's computer via illegal means for personal gain, for example to steal data which will benefit them personally, is known as what?
This is a black hat hacker. The colour of hat the hacker wears describes their motivation. Black is bad, white is good and grey means they're hacking on behalf of a government. Black swan is about finding patterns in data that don't exist and came up in an earlier chapter. Black-hat hacking is from p.147. I don't think hackers are obliged to wear hats, it's probably just a metaphor, but I've never met one to ask.Domain: 3.1
David works in the Accounts department of Touchdown Ltd. He has received an email from a sender he is unfamiliar with. The email asks him to look at an invoice which the sender believes includes an error. There is an attachment to the email. David has recently undergone Cyber Security training and is suspicious of the email. What type of security threat does David think the email contains?
Answer(s): B
This is an example of a phishing email. Phishing is when a cybercriminal tries to do something malicious like steal data or put a virus on your computer by deceiving the user. In this case, they're pretending to be a supplier and want David to open an email attachment, which is probably not an invoice. See p.148Domain: 3.1
In relation to cyber security, what would be the benefit of a public sector organisation joining a Group Purchasing Organisation (GPO)?
Answer(s): C
A GPO is the same as a Buying Consortium--it's when multiple organisations pool resources and procure together. The GPO/Consortium does the legwork for procurement activities such as vetting suppliers. This is one advantage of using them--they have the expertise to weed out unsuitable suppliers. Option A is a true statement but doesn't relate to cyber security. P.167 Domain: 3.1
Zach is the Head of Procurement at a super secret military base. He does not want anyone outside of the base to know what he is procuring or which suppliers he uses as this information could be critical to national defence. He is aware that cyber criminals may be interested in stealing this information so he has decided to disconnect critical machines and systems from the internet. What is this approach to data security known as?
This is air-gapping. Air-gapping is when you disconnect from an outside network such as the internet.P.171Domain: 3.1
Share your comments for CIPS L6M7 exam with other users:
number 52 answer is d
just started preparing for my exam , and this site is so much help
question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.
i would like to take psm1 exam.
cbd and pdb are key to the database
the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.
please upload p_sapea_2023
anyone use this? the question dont seem to follow other formats and terminology i have been studying im getting worried
good questions
hello are these questions valid for ms-102
some questions are wrongly answered but its good nonetheless
how to get system serial number using intune
is it really helpful to pass the exam
#229 in incorrect - all the customers require an annual review
kindy upload
fantastic assessment on psm 1
56 question correct answer a,b
thank you for providing the q bank
true quesstions
i can´t believe ms asks things like this, seems to be only marketing material.
hi, could you please add the last update of ns0-527
question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).
sometimes it may be good some times it may be
qs 4 answer seems wrong- please check
very detailed explanation !
the interactive nature of the test engine application makes the preparation process less boring.
very useful.
complete question dump should be made available for practice.
i just passed my first exam. i got 2 exam dumps as part of the 50% sale. my second exam is under work. once i write that exam i report my result. but so far i am confident.
nice create dewey stefen
i just wrote this exam and it is still valid. the questions are exactly the same but there are about 4 or 5 questions that are answered incorrectly. so watch out for those. best of luck with your exam.
passed my exam today. this is a good start to 2023.
great sharing
very helpful