Question 1

Mo works in the finance department of Bubble Bear Ltd and is responsible for paying invoices to
suppliers. He is conscious that the data he receives may include errors, omissions, and duplications.
He wants to use IT to check the integrity of the data, as manual tests are time-consuming.
What action should Mo take?

Accepted Answer

A

Explanation: Mo should run a script, which is an automated process that checks for errors such as duplicates, missing values, and anomalies in the data. This significantly speeds up data validation compared to manual checking.

Question 2

Zach is the Head of Procurement at a super secret military base. He does not want anyone outside of
the base to know what he is procuring or which suppliers he uses as this information could be critical
to national defence. He is aware that cyber criminals may be interested in stealing this information
so he has decided to disconnect critical machines and systems from the internet. What is this
approach to data security known as?

Accepted Answer

D

Explanation: This is air-gapping. Air-gapping is when you disconnect from an outside network such as the internet. P.171 Domain: 3.1

Question 3

Which of the following is a type of firewall?

Accepted Answer

A

Explanation: A proxy is a type of firewall. It works at the IT application level rather than on a whole network. A firewall is a security measure that prevents unauthorized access to a system. P.184 Domain: 3.2

Question 4

Francis bought a car 4 years ago and is unsure if the company has any data on her. What can Francis do?

Accepted Answer

A

Explanation: Francis can make a Subject Access Request. This is when you ask what data do you hold about me. The company must respond within 40 calendar days. A Freedom of Information request is different- this is when a member of the public asks the government to reveal information such as 'how much money have you spent on replacing toilet seats in Parliament?'. P.127 Domain: 2.3

Question 5

The storage of data by a third party is commonly known as what?

Accepted Answer

B

Explanation: This is The Cloud, which may also be called 'cloud computing' or 'cloud storage.' It is commonly used in mobile phones to store data externally rather than on the device itself.

Question 6

Joe is a Supply Chain Manager at Crunchy Lettuce Incorporated and is responsible for multiple sets of
data on aspects of the business, including suppliers, customers, and manufacturing processes. Joe is
aware that the integrity of his data is extremely important as, without accurate data, he is unable to
plan effectively for future orders and deliveries.
Which of the following are ways in which data integrity can be affected? Select THREE.

Accepted Answer

A, B, C

Explanation: Commission: Data is mistakenly created, such as duplicate records. Omission: Data is accidentally deleted or not recorded. Manipulation: Data is changed incorrectly, such as an extra zero added to a value. Corruption is not included because it refers to data being unreadable or damaged rather than integrity being affected by an internal process. Corrosion refers to metal deterioration and is unrelated to data.

Question 7

Data Processing includes which of the following steps?

Accepted Answer

A, B, D, E

Explanation: The Data Processing cycle is acquisition - processing - reporting- storing. Do learn this off by heart. The term processing means anything from using data, to altering it, to moving it or publishing it. Data controller is a person or organisation that determines how the data is processed, but it's rarely used as a verb (you don't say I'm 'controlling' the data'). P. 121 Domain: 2.3

Question 8

Which of the following approaches to cyber security takes a bottom-up approach to assessing vulnerabilities meticulously item by item?

Accepted Answer

D

Explanation: This is the component approach - it looks at each individual component (each part of the IT system) in turn to check its okay. When a component is not directly controlled by the organisation (e.g. something to do with a supplier) this is called a dependency. Component approach is a bottom-up approach and is the opposite of the top-down approach which is called the 'system driven approach'. P.179 Domain: 3.2

Question 9

Below are details of 5 companies that use Big Dat a. Each company has a different type of data and applies different quality checks to ensure its accuracy. Instructions: Drag and drop the correct Data Type and Quality Check into the table for each company. Some options may not be used. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/CIPS_L6M7/page_39_img_1.jpg

Accepted Answer

Answer available on page.

Question 10

Below are details of five companies that have security issues related to their IT network or data storage. Each company is proposing a remedy to resolve the issue. Instructions: Drag and drop the correct Security Issue and Remedy into the table for each company. Some options may not be used. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/CIPS_L6M7/page_40_img_1.jpg

Accepted Answer

Answer available on page.

Question 11

Below are details of five companies that use smart sensors in their operations. Each sensor has a different purpose and a different way of transmitting data. Instructions: Drag and drop the correct Type of Sensor and Way of Transmitting Data into the appropriate boxes for each company. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/CIPS_L6M7/page_21_img_1.jpg

Accepted Answer

Answer available on page.

Question 12

Which of the following is a human risk in cybersecurity? Select ALL that apply.

Accepted Answer

B, D

Explanation: Human errors, such as using weak passwords and opening insecure attachments, are major risks in cybersecurity. Educating users on best security practices can help mitigate these threats. The other options relate to technical or system risks rather than human behavior. (P.173)

Question 13

Henry is the Head of IT at Purple Rain Ltd and is presenting a case to the Senior Leadership Team to
ask for more investment in the company's IT strategy. Henry believes the company has an issue with
data resilience and is asking for more money to be invested in this. He has completed a Business
Impact Assessment (BIA) to better understand what data the company holds. Jon is the Head of
Procurement and has listened intently to Henry's presentation. He has decided to go back to his
department and complete a thorough risk assessment, as he is aware his team holds a lot of data on
suppliers and contracts. The CEO of Purple Rain, Roger Nelson, has asked Henry about next steps in
order to protect the company from further risks associated with the IT strategy. Data is currently
stored on servers located at Purple Rain's Headquarters. The server room is locked at all times of the
day and is only accessible to staff members who have a key. The building itself is extremely secure
with CCTV systems located both inside the server room and outside it. However, the server room is
prone to overheating.
What would Procurement's main concern be?

Accepted Answer

A

Explanation: Procurement's primary concern is contractual penalties, as the case study focuses on suppliers and contracts. While delays, lost sales, and customer dissatisfaction are all potential impacts of data disruption, the most immediate risk for procurement is failing to meet contractual obligations. (P.104)

Question 14

Henry is the Head of IT at Purple Rain Ltd and is presenting a case to the Senior Leadership Team to
ask for more investment in the company's IT strategy. Henry believes the company has an issue with
data resilience and is asking for more money to be invested in this. He has completed a Business
Impact Assessment (BIA) to better understand what data the company holds. Jon is the Head of
Procurement and has listened intently to Henry's presentation. He has decided to go back to his
department and complete a thorough risk assessment, as he is aware his team holds a lot of data on
suppliers and contracts. The CEO of Purple Rain, Roger Nelson, has asked Henry about next steps in
order to protect the company from further risks associated with the IT strategy. Data is currently
stored on servers located at Purple Rain's Headquarters. The server room is locked at all times of the
day and is only accessible to staff members who have a key. The building itself is extremely secure
with CCTV systems located both inside the server room and outside it. However, the server room is
prone to overheating.
What should Henry's next steps be?

Accepted Answer

D

Explanation: Given Henry's focus on data resilience, the next logical step is to complete a Priority Assessment and define Recovery Objectives. This will help identify which data and systems are most at risk and require immediate attention in the Data Resilience Plan. (P.105)

Question 15

Jumping Cucumbers Ltd is a food manufacturing organisation that uses Internet of Things (IoT)
devices in production processes. Mohammed is the head of IT at the company and is considering
ways of reducing the risks of technology security breaches. Which of the following would reduce the
risks for his devices?

Accepted Answer

B

Explanation: Encryption software enhances the security of IoT devices by protecting data from unauthorized access. While secure passwords (Option A) and backups (Option C) are good cybersecurity practices, they do not specifically address IoT device security. A physical security guard (Option D) would not prevent remote cyber attacks. (P.176)

Free CIPS L6M7 Actual Exam Questions