CIPS L6M7 Exam (page: 1)
CIPS Commercial Data Management
Updated on: 12-Feb-2026

Viewing Page 1 of 12

Which of the following approaches to cyber security takes a bottom-up approach to assessing vulnerabilities meticulously item by item?

  1. system approach
  2. technology approach
  3. elementary approach
  4. component approach

Answer(s): D

Explanation:

This is the component approach - it looks at each individual component (each part of the IT system) in turn to check it's okay.
When a component is not directly controlled by the organisation (e.g. something to do with a supplier), this is called a dependency. The component approach is a bottom-up approach and is the opposite of the top-down approach, which is called the 'system driven approach'.
P.179
Domain: 3.2



Data Processing includes which of the following steps?

  1. Acquisition
  2. Reporting
  3. Controlling
  4. Processing
  5. Storing

Answer(s): A,B,D,E

Explanation:

The Data Processing cycle is acquisition - processing - reporting - storing. Do learn this off by heart. The term processing means anything from using data, to altering it, to moving it or publishing it. A data controller is a person or organisation that determines how the data is processed, but it's rarely used as a verb (you don't say "I'm 'controlling' the data").
P.121
Domain: 2.3



Francis bought a car 4 years ago and is unsure if the company has any data on her.
What can Francis do?

  1. Make a Subject Access Request
  2. Make a Freedom of Information Request
  3. Nothing - the car company will not have data on her as this was 4 years ago
  4. Nothing - the car company does not need to reveal what information it holds about customers

Answer(s): A

Explanation:

Francis can make a Subject Access Request. This is when you ask "what data do you hold about me?". The company must respond within 40 calendar days. A Freedom of Information request is different: this is when a member of the public asks the government to reveal information such as 'how much money have you spent on replacing toilet seats in Parliament?'.
P.127
Domain: 2.3



In order to keep data secure, which three things should be considered?

  1. Access, accuracy, confidentiality
  2. Location, availability, access
  3. Integrity, location, format
  4. Confidentiality, availability, integrity

Answer(s): D

Explanation:

This is the CIA triangle which is from p.143. The three aspects are the three corners of the triangle. Remember this one for the exam as I've heard it comes up frequently. Just remember data security = CIA = confidentiality, integrity and availability.
Domain: 3.1



A person who enters into another person's computer via illegal means for personal gain, for example to steal data which will benefit them personally, is known as what?

  1. Black-hat hacker
  2. White-hat hacker
  3. Black swan
  4. White swan

Answer(s): A

Explanation:

This is a black-hat hacker. The colour of hat the hacker wears describes their motivation. Black is bad, white is good and grey means they're hacking on behalf of a government. Black swan is about finding patterns in data that don't exist and came up in an earlier chapter. Black-hat hacking is from p.147. I don't think hackers are obliged to wear hats, it's probably just a metaphor, but I've never met one to ask.
Domain: 3.1



David works in the Accounts department of Touchdown Ltd. He has received an email from a sender he is unfamiliar with. The email asks him to look at an invoice which the sender believes includes an error. There is an attachment to the email. David has recently undergone Cyber Security training and is suspicious of the email.
What type of security threat does David think the email contains?

  1. Hacking
  2. Phishing
  3. Social engineering
  4. SQL injection

Answer(s): B

Explanation:

This is an example of a phishing email. Phishing is when a cybercriminal tries to do something malicious like steal data or put a virus on your computer by deceiving the user. In this case, they're pretending to be a supplier and want David to open an email attachment, which is probably not an invoice. See p.148
Domain: 3.1



In relation to cyber security, what would be the benefit of a public sector organisation joining a Group Purchasing Organisation (GPO)?

  1. The GPO can result in cost savings for the organisation due to aggregate spending
  2. The GPO is a third party who can host data on behalf of members, thus reducing the risk of hacking
  3. The GPO takes on the burden of checking suppliers' security policies and procedures
  4. The GPO provides training on cyber security to public sector organisations

Answer(s): C

Explanation:

A GPO is the same as a Buying Consortium: it's when multiple organisations pool resources and procure together. The GPO/Consortium does the legwork for procurement activities such as vetting suppliers. This is one advantage of using them: they have the expertise to weed out unsuitable suppliers. Option A is a true statement but doesn't relate to cyber security.
P.167
Domain: 3.1



Zach is the Head of Procurement at a super secret military base. He does not want anyone outside of the base to know what he is procuring or which suppliers he uses as this information could be critical to national defence. He is aware that cyber criminals may be interested in stealing this information so he has decided to disconnect critical machines and systems from the internet.
What is this approach to data security known as?

  1. Unsyncing
  2. Non-repudiation
  3. Filtering
  4. Air-gapping

Answer(s): D

Explanation:

This is air-gapping. Air-gapping is when you disconnect from an outside network such as the internet.
P.171
Domain: 3.1


