ISC CISSP-ISSMP ISSMP®: Information Systems Security Management Professional Exam Practice Test

Page: 1 / 22
Total 218 questions

ISSMP®: Information Systems Security Management Professional Questions and Answers

Question 1

Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

Options:

A.

Data downloading from the Internet

B.

File and object access

C.

Network logons and logoffs

D.

Printer access

Question 2

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

Options:

A.

Assuring the integrity of organizational data

B.

Building risk-free systems

C.

Risk control

D.

Risk identification

Question 3

Which of the following test methods has the objective of testing the IT system from the viewpoint of a threat source and identifying potential failures in the IT system's protection schemes?

Options:

A.

Penetration testing

B.

On-site interviews

C.

Security Test and Evaluation (ST&E)

D.

Automated vulnerability scanning tool

Question 4

Which of the following acts is a specialized privacy bill that affects any educational institution that accepts any form of funding from the federal government?

Options:

A.

HIPAA

B.

COPPA

C.

FERPA

D.

GLBA

Question 5

You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and that you were not able to access your remote desktop session. You suspected that a malicious attack had been performed on the company's network. You immediately called the incident response team to handle the situation; the team asked the Network Administrator for all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he had been reviewing the security of the network, which caused all these problems. The incident response team announced that this was a controlled event, not an incident. Which of the following steps of an incident handling process was performed by the incident response team?

Options:

A.

Containment

B.

Eradication

C.

Preparation

D.

Identification

Question 6

In which of the following alternative processing sites is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility?

Options:

A.

Mobile Site

B.

Cold Site

C.

Warm Site

D.

Hot Site

Question 7

Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.

Options:

A.

They can be analyzed and measured by the risk analysis process.

B.

They can be removed completely by taking proper actions.

C.

They can be mitigated by reviewing and taking responsible actions based on possible risks.

D.

They are considered an indicator of threats coupled with vulnerability.

Question 8

Which of the following elements of the BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

Options:

A.

Business continuity plan development

B.

Business impact assessment

C.

Scope and plan initiation

D.

Plan approval and implementation

Question 9

Which of the following are the levels of the military data classification system? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Sensitive

B.

Top Secret

C.

Confidential

D.

Secret

E.

Unclassified

F.

Public

Question 10

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

Options:

A.

Data diddling

B.

Wiretapping

C.

Eavesdropping

D.

Spoofing

Question 11

How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?

Options:

A.

Single Loss Expectancy (SLE) / Exposure Factor (EF)

B.

Asset Value × Exposure Factor (EF)

C.

Exposure Factor (EF) / Single Loss Expectancy (SLE)

D.

Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO)

Question 12

Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

Options:

A.

Non-repudiation

B.

Confidentiality

C.

Authentication

D.

Integrity

Question 13

Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

Options:

A.

Determining what level of classification the information requires

B.

Running regular backups and routinely testing the validity of the backup data

C.

Controlling access, adding and removing privileges for individual users

D.

Performing data restoration from the backups when necessary

Question 14

Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

Options:

A.

It uses TCP port 80 as the default port.

B.

It is a protocol used in the Universal Resource Locator (URL) address line to connect to a secure site.

C.

It uses TCP port 443 as the default port.

D.

It is a protocol used to provide security for a database server in an internal network.

Question 15

Which of the following laws enacted in the United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?

Options:

A.

Child Pornography Prevention Act (CPPA)

B.

USA PATRIOT Act

C.

Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)

D.

Sexual Predators Act

Question 16

In which of the following SDLC phases are the system's security features configured and enabled, the system tested and installed or fielded, and the system authorized for processing?

Options:

A.

Initiation Phase

B.

Development/Acquisition Phase

C.

Implementation Phase

D.

Operation/Maintenance Phase

Question 17

Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives related to the above phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three.

Options:

A.

Resource requirements identification

B.

Criticality prioritization

C.

Down-time estimation

D.

Performing vulnerability assessment

Question 18

Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.

Options:

A.

Confidentiality

B.

Integrity

C.

Availability

D.

Privacy

Question 19

Which of the following can be done over telephone lines, e-mail, instant messaging, and any other method of communication considered private?

Options:

A.

Shielding

B.

Spoofing

C.

Eavesdropping

D.

Packaging

Question 20

Which of the following plans provides procedures for recovering business operations immediately following a disaster?

Options:

A.

Disaster recovery plan

B.

Business continuity plan

C.

Continuity of operation plan

D.

Business recovery plan

Question 21

Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

Options:

A.

Business continuity plan

B.

Crisis communication plan

C.

Contingency plan

D.

Disaster recovery plan

Question 22

Your company is covered under a liability insurance policy that provides various liability coverage for information security risks, including physical damage to assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Options:

A.

Risk mitigation

B.

Risk transfer

C.

Risk acceptance

D.

Risk avoidance

Question 23

Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

Options:

A.

Social engineering

B.

Smurf

C.

Denial-of-Service

D.

Man-in-the-middle

Question 24

You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had a problem with laptops being stolen. What is the most cost-effective method to prevent this?

Options:

A.

Video surveillance on all areas with computers.

B.

Use laptop locks.

C.

Appoint a security guard.

D.

Smart card access to all areas with computers.

Question 25

Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Editor

B.

Custodian

C.

Owner

D.

Security auditor

E.

User

Question 26

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

Options:

A.

SSAA

B.

FITSAF

C.

FIPS

D.

TCSEC

Question 27

Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

Options:

A.

Managed level

B.

Defined level

C.

Fundamental level

D.

Repeatable level

Question 28

Which of the following statutes enacted in the U.S. prohibits creditors from collecting data from applicants, such as national origin, caste, religion, etc.?

Options:

A.

The Fair Credit Reporting Act (FCRA)

B.

The Privacy Act

C.

The Electronic Communications Privacy Act

D.

The Equal Credit Opportunity Act (ECOA)

Question 29

What component of the change management system is responsible for evaluating, testing, and documenting changes made to the project scope?

Options:

A.

Scope Verification

B.

Project Management Information System

C.

Integrated Change Control

D.

Configuration Management System

Question 30

Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?

Options:

A.

Code Security law

B.

Trademark laws

C.

Copyright laws

D.

Patent laws

Question 31

Which of the following statements reflect the 'Code of Ethics Preamble' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Strict adherence to this Code is a condition of certification.

B.

Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.

C.

Advance and protect the profession.

D.

Provide diligent and competent service to principals.

Question 32

You have created a team of HR Managers and Project Managers for Blue Well Inc. The team will concentrate on hiring some new employees for the company and on improving the organization's overall security by rotating employees among numerous job positions. Which of the following steps will you perform to accomplish the task?

Options:

A.

Job rotation

B.

Job responsibility

C.

Screening candidates

D.

Separation of duties
