Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
Which of the following statements about the availability concept of Information security management is true?
Fill in the blank with an appropriate phrase. An ________ is an intensive application of the OPSEC process to an existing operation or activity by a multidiscipline team of experts.
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?
Which of the following are the examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?
What is a stakeholder analysis chart?
Which of the following rate systems of the Orange Book has no security controls?
The incident response team has turned the evidence over to the forensic team. Now it is time to begin looking for ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.
What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.
Which of the following SDLC phases consists of the given security controls? Misuse Case Modeling; Security Design and Architecture Review; Threat and Risk Modeling; Security Requirements and Test Cases Generation.
Which of the following issues are addressed by the change control phase in the maintenance phase of the life cycle models? Each correct answer represents a complete solution. Choose all that apply.
Rachael is the project manager for a large project in her organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they've already completed the project work they were contracted to do. What can Rachael do in this instance?
Which of the following statements about system hardening are true? Each correct answer represents a complete solution. Choose two.
Which of the following relies on a physical characteristic of the user to verify his identity?
Which of the following contract types is described in the statement below? "This contract type provides no incentive for the contractor to control costs and hence is rarely utilized."
You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?
Which of the following deals is a binding agreement between two or more persons that is enforceable by law?
Which of the following tools works by using a standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?
Against which of the following does SSH provide protection? Each correct answer represents a complete solution. Choose two.
Which of the following Acts enacted in the United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?
Which of the following authentication protocols provides support for a wide range of authentication methods, such as smart cards and certificates?
Which of the following statements best explains how encryption works on the Internet?
You work as the project manager for Bluewell Inc. You are working on NGQQ Project for your company. You have completed the risk analysis processes for the risk events. You and the project team have created risk responses for most of the identified project risks. Which of the following risk response planning techniques will you use to shift the impact of a threat to a third party, together with the responses?
Which of the following statements about Due Care policy is true?
Which of the following are the levels of public or commercial data classification system? Each correct answer represents a complete solution. Choose all that apply.
Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?
Your company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company data. Which of the following is the most important step for you to take in preserving the chain of custody?
Fill in the blank with an appropriate phrase. ___________ is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.
Which of the following is a variant with regard to Configuration Management?
What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.
Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.