
ISC CISSP-ISSMP ISSMP®: Information Systems Security Management Professional Exam Practice Test

Demo: 32 questions
Total 218 questions

ISSMP®: Information Systems Security Management Professional Questions and Answers

Question 1

You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What is this called?

Options:

A.

Availability

B.

Encryption

C.

Integrity

D.

Confidentiality

Question 2

Which of the following are ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

Options:

A.

TLS

B.

PGP

C.

S/MIME

D.

IPSec

Question 3

You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when conducting a security awareness campaign?

Options:

A.

Target system administrators and the help desk.

B.

Provide technical details on exploits.

C.

Provide customized messages for different groups.

D.

Target senior managers and business process owners.

Question 4

How many change control systems are there in project management?

Options:

A.

3

B.

4

C.

2

D.

1

Question 5

Fill in the blank with an appropriate phrase. ________ models address specifications, requirements, and design, verification and validation, and maintenance activities.

Options:

A.

Life cycle

Question 6

Which of the following relies on a physical characteristic of the user to verify his identity?

Options:

A.

Social Engineering

B.

Kerberos v5

C.

Biometrics

D.

CHAP
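The distractor worth understanding here is CHAP: it verifies something the user knows (a shared secret), not a physical characteristic. The following is an added example, not part of this practice test, that walks through one RFC 1994 Challenge/Response round with both sides' messages. The shared secret, the 16-byte challenge length and the single round are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed shared secret; in a real PPP/CHAP deployment it is provisioned
# out of band on both peers and never crosses the link.
SHARED_SECRET = b"correct horse battery staple"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge).

    The Identifier is one octet that binds a Response packet to its Challenge.
    MD5 here is what the protocol specifies, not a recommendation; CHAP-MD5
    also forces the server to store the secret in recoverable form.
    """
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP identifier must fit in one octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues a fresh random challenge and checks the reply."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._pending = {}  # identifier -> outstanding challenge bytes

    def challenge(self, identifier: int) -> bytes:
        chal = os.urandom(16)
        self._pending[identifier] = chal
        return chal

    def verify(self, identifier: int, response: bytes) -> bool:
        chal = self._pending.pop(identifier, None)  # each challenge is usable once
        if chal is None:
            return False
        expected = chap_response(identifier, self._secret, chal)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: proves knowledge of the secret without transmitting it."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self._secret, challenge)


def run_exchange(peer_secret: bytes, replay: bool = False) -> dict:
    """Drive one Challenge / Response / Success-or-Failure round and report it."""
    auth = Authenticator(SHARED_SECRET)
    peer = Peer(peer_secret)
    ident = 1
    chal = auth.challenge(ident)       # Authenticator -> Peer: Challenge
    resp = peer.respond(ident, chal)   # Peer -> Authenticator: Response
    outcome = {"first": auth.verify(ident, resp)}  # True = Success, False = Failure
    if replay:
        # An eavesdropper replaying the captured Response fails: the challenge
        # was consumed, and a fresh exchange would use a different random value.
        outcome["replay"] = auth.verify(ident, resp)
    return outcome


if __name__ == "__main__":
    print(run_exchange(SHARED_SECRET, replay=True))
```

The secret itself never appears on the wire, which is CHAP's improvement over PAP; but the exchange proves only possession of the secret, so a stolen secret is as good as the user. That is the line between knowledge-based authentication and biometrics.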

Question 7

Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

Options:

A.

Business continuity plan

B.

Crisis communication plan

C.

Contingency plan

D.

Disaster recovery plan

Question 8

Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?

Options:

A.

UDP port 161

B.

TCP port 443

C.

TCP port 110

D.

UDP port 1701

Question 9

You are the Network Administrator for a software company. Due to the nature of your company's business, you have a significant number of highly computer-savvy users. However, you have still decided to limit each user's access to only those resources required for their job, rather than give wider access to the technical users (such as tech support and software engineering personnel). What is this an example of?

Options:

A.

The principle of maximum control.

B.

The principle of least privilege.

C.

Proper use of an ACL.

D.

Poor resource management.

Question 10

Which of the following is the best method to stop vulnerability attacks on a Web server?

Options:

A.

Using strong passwords

B.

Configuring a firewall

C.

Implementing the latest virus scanner

D.

Installing service packs and updates

Question 11

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

Options:

A.

Implement separation of duties.

B.

Implement RBAC.

C.

Implement three way authentication.

D.

Implement least privilege.
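Questions 9 and 11 are two different controls that are easy to confuse: least privilege limits what each role can touch, while separation of duties prevents one person from completing a sensitive action alone, even when their role is allowed to take part in it. The following is an added example, not part of this practice test, that enforces both on a remote-access change. The role table, the user directory and the resource names are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed role policy.  Each role lists only the (resource, action) pairs
# its job requires; anything unlisted is denied (least privilege).
ROLE_PERMISSIONS = {
    "tech_support":      {("ticket_db", "read"), ("ticket_db", "write"), ("kb", "read")},
    "software_engineer": {("source_repo", "read"), ("source_repo", "write"), ("build_server", "read")},
    "network_admin":     {("vpn_config", "read"), ("vpn_config", "write"), ("firewall", "read")},
    "security_officer":  {("vpn_config", "read"), ("vpn_config", "write"), ("change_approvals", "write")},
}

# Constructed user directory: one role per user.
USERS = {
    "alice": "network_admin",
    "bob": "security_officer",
    "carol": "tech_support",
    "dave": "security_officer",
}


def is_allowed(user: str, resource: str, action: str) -> bool:
    """Deny-by-default: unknown users, unknown roles and unlisted pairs are refused."""
    role = USERS.get(user)
    return (resource, action) in ROLE_PERMISSIONS.get(role, set())


@dataclass
class RemoteAccessChange:
    requester: str
    description: str
    approver: Optional[str] = None


def request_change(user: str, description: str) -> Optional[RemoteAccessChange]:
    """Least privilege: only a role whose job includes editing the VPN config may file the request."""
    if not is_allowed(user, "vpn_config", "write"):
        return None
    return RemoteAccessChange(requester=user, description=description)


def approve_change(change: RemoteAccessChange, approver: str) -> bool:
    """Separation of duties: a distinct person with approval rights must sign off.

    The approver == requester test is the separation-of-duties check; without it
    a security officer could request and approve their own unauthorized access path.
    """
    if not is_allowed(approver, "change_approvals", "write"):
        return False
    if approver == change.requester:
        return False
    change.approver = approver
    return True


def can_apply(change: RemoteAccessChange) -> bool:
    """The change reaches production only when both controls have been satisfied."""
    return change.approver is not None and change.approver != change.requester


if __name__ == "__main__":
    change = request_change("bob", "add remote management listener on VPN gateway")
    print("self-approval:", approve_change(change, "bob"))    # False: SoD
    print("peer approval:", approve_change(change, "dave"))   # True
    print("apply:", can_apply(change))
```

Note that bob's role is allowed to write change approvals, so a pure least-privilege check would let him approve his own request; only the separation-of-duties test stops that. Conversely, carol cannot even file the request, however technically capable she is, because her role does not need that access.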

Question 12

Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

Options:

A.

Utility model

B.

Cookie

C.

Copyright

D.

Trade secret

Question 13

Ned is the program manager for his organization and he is considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demo, and even some samples. What type of document should Ned send to the vendor?

Options:

A.

IFB

B.

RFQ

C.

RFP

D.

RFI

Question 14

Which of the following are steps in a vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Maintain and Monitor

B.

Organization Vulnerability

C.

Define Policy

D.

Baseline the Environment

Question 15

Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due?

Options:

A.

Expected breach

B.

Actual breach

C.

Anticipatory breach

D.

Nonperforming breach

Question 16

Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

Options:

A.

Monitor and Control Risks

B.

Identify Risks

C.

Perform Qualitative Risk Analysis

D.

Perform Quantitative Risk Analysis

Question 17

Which of the following backup sites takes the longest recovery time?

Options:

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Question 18

You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

Options:

A.

Mitigation

B.

Sharing

C.

Acceptance

D.

Transference

Question 19

You have created a team of HR Managers and Project Managers for Blue Well Inc. The team will concentrate on hiring some new employees for the company and improving the organization's overall security by rotating employees through several job positions. Which of the following steps will you perform to accomplish the task?

Options:

A.

Job rotation

B.

Job responsibility

C.

Screening candidates

D.

Separation of duties

Question 20

Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

Options:

A.

It ensures that unauthorized modifications are not made to data by authorized personnel or processes.

B.

It determines the actions and behaviors of a single individual within a system

C.

It ensures that modifications are not made to data by unauthorized personnel or processes.

D.

It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.
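The two modification statements above are only enforceable if a reader can tell an authorized write from an unauthorized one. The following is an added example, not part of this practice test, that shows the difference between a keyed integrity tag (HMAC-SHA256) and a bare hash stored beside the data: an attacker without the key cannot produce a valid tag, but can always recompute a bare hash, so the unkeyed check detects nothing. The key, the record layout and the tamper scenario are constructed for the demonstration.

```python
import hashlib
import hmac
import json
from typing import Any, Dict

# Constructed key for the demonstration; a real deployment keeps it in an HSM
# or KMS and never hands it to the parties whose writes must be detected.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(record: Dict[str, Any]) -> bytes:
    """Deterministic encoding so identical content always yields identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record: Dict[str, Any], key: bytes = INTEGRITY_KEY) -> Dict[str, Any]:
    """Authorized writer: attach an HMAC-SHA256 tag computed with the secret key."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": dict(record), "tag": tag}


def verify(sealed: Dict[str, Any], key: bytes = INTEGRITY_KEY) -> bool:
    """Reader: recompute the tag and compare in constant time."""
    expected = hmac.new(key, canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def sha_only_seal(record: Dict[str, Any]) -> Dict[str, Any]:
    """The weak alternative: an unkeyed digest stored next to the data."""
    return {"record": dict(record), "digest": hashlib.sha256(canonical(record)).hexdigest()}


def sha_only_verify(sealed: Dict[str, Any]) -> bool:
    expected = hashlib.sha256(canonical(sealed["record"])).hexdigest()
    return hmac.compare_digest(expected, sealed["digest"])


def tamper(sealed: Dict[str, Any], **changes: Any) -> Dict[str, Any]:
    """Unauthorized modification by a party that does not hold INTEGRITY_KEY:
    edit the record, then recompute whatever check value can be recomputed."""
    forged = {"record": {**sealed["record"], **changes}}
    if "digest" in sealed:
        # Nothing secret protects the unkeyed digest, so the attacker updates it.
        forged["digest"] = hashlib.sha256(canonical(forged["record"])).hexdigest()
    else:
        # Without the key the attacker can only carry the old tag across.
        forged["tag"] = sealed["tag"]
    return forged


if __name__ == "__main__":
    original = {"account": "1234", "balance": 100}
    print("keyed, tampered   ->", verify(tamper(seal(original), balance=10**6)))          # False
    print("unkeyed, tampered ->", sha_only_verify(tamper(sha_only_seal(original), balance=10**6)))  # True
```

The keyed check also covers the first statement in the question: an authorized process that holds the key and re-seals after a legitimate update produces a valid tag, while a process that edits the stored bytes directly, bypassing the seal step, is caught on the next verify.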

Question 21

Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

Options:

A.

Yes, the ZAS Corporation did not choose to terminate the contract work.

B.

It depends on what the outcome of a lawsuit will determine.

C.

It depends on what the termination clause of the contract stipulates.

D.

No, the ZAS Corporation did not complete all of the work.

Question 22

Which of the following types of cyberstalking damages the victim's reputation and turns other people against them by setting up websites, blogs or user pages for that purpose?

Options:

A.

Encouraging others to harass the victim

B.

False accusations

C.

Attempts to gather information about the victim

D.

False victimization

Question 23

Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party?

Options:

A.

Relational liability

B.

Engaged liability

C.

Contributory liability

D.

Vicarious liability

Question 24

The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Information dissemination policy

B.

Electronic monitoring statement

C.

Additional personnel security controls

D.

Incident response plan

Question 25

Which of the following documents is described in the statement below? "It is developed alongside all of the risk management processes. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

Options:

A.

Risk register

B.

Risk management plan

C.

Quality management plan

D.

Project charter

Question 26

Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and prepared some potential risk responses for them, but management wants you to do more. They would like you to create some type of chart that identifies the probability and impact of each risk event with a financial amount. What is the likely outcome of creating this type of chart?

Options:

A.

Quantitative analysis

B.

Contingency reserve

C.

Risk response

D.

Risk response plan

Question 27

Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?

Options:

A.

Data custodian

B.

Auditor

C.

User

D.

Data owner

Question 28

Which of the following is generally practiced by the police or any other recognized governmental authority?

Options:

A.

Phishing

B.

Wiretapping

C.

SMB signing

D.

Spoofing

Question 29

Which of the following representatives of the incident response team takes forensic backups of the systems that are the focus of the incident?

Options:

A.

Legal representative

B.

Technical representative

C.

Lead investigator

D.

Information security representative

Question 30

Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?

Options:

A.

Risk management

B.

Configuration management

C.

Change management

D.

Procurement management

Question 31

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

Options:

A.

Assessing the impact of potential threats

B.

Identifying the accused

C.

Finding an economic balance between the impact of the risk and the cost of the countermeasure

D.

Identifying the risk

Question 32

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Options:

A.

Business continuity plan

B.

Disaster recovery plan

C.

Continuity of Operations Plan

D.

Contingency plan
