
ISC CISSP-ISSMP ISSMP®: Information Systems Security Management Professional Exam Practice Test

Note: The CISSP-ISSMP exam is now retired. Please select the alternative replacement for your exam certification.
Page: 1 / 22
Total 218 questions

ISSMP®: Information Systems Security Management Professional Questions and Answers

Question 1

Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.

Options:

A.

Confidentiality

B.

Integrity

C.

Availability

D.

Privacy

Question 2

Fill in the blank with an appropriate word. _________ are used in information security to formalize security policies.

Options:

A.

Models.

Question 3

Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

Options:

A.

Yes, the ZAS Corporation did not choose to terminate the contract work.

B.

It depends on what the outcome of a lawsuit will determine.

C.

It depends on what the termination clause of the contract stipulates.

D.

No, the ZAS Corporation did not complete all of the work.

Question 4

Which of the following SDLC phases consists of the given security controls?

Misuse Case Modeling
Security Design and Architecture Review
Threat and Risk Modeling
Security Requirements and Test Cases Generation

Options:

A.

Design

B.

Maintenance

C.

Deployment

D.

Requirements Gathering

Question 5

Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?

Options:

A.

Spam

B.

Patent

C.

Artistic license

D.

Phishing

Question 6

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

Options:

A.

Patent

B.

Utility model

C.

Snooping

D.

Copyright

Question 7

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

Options:

A.

Risk management plan

B.

Lessons learned documentation

C.

Risk register

D.

Stakeholder management strategy

Question 8

Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?

Options:

A.

Mobile site

B.

Warm site

C.

Cold site

D.

Hot site

Question 9

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

Options:

A.

Assessing the impact of potential threats

B.

Identifying the accused

C.

Finding an economic balance between the impact of the risk and the cost of the countermeasure

D.

Identifying the risk

Question 10

Which of the following backup sites takes the longest recovery time?

Options:

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Question 11

Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?

Options:

A.

Emergency-management team

B.

Damage-assessment team

C.

Off-site storage team

D.

Emergency action team

Question 12

Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

Options:

A.

The Configuration Manager

B.

The Supplier Manager

C.

The Service Catalogue Manager

D.

The IT Service Continuity Manager

Question 13

Management has asked you to perform a risk audit and report back on the results. Bonny, a project team member, asks you what a risk audit is. What do you tell Bonny?

Options:

A.

A risk audit is a review of all the risks that have yet to occur and what their probability of happening is.

B.

A risk audit is a review of the effectiveness of the risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.

C.

A risk audit is a review of all the risk probability and impact for the risks, which are still present in the project but which have not yet occurred.

D.

A risk audit is an audit of all the risks that have occurred in the project and what their true impact on cost and time has been.

Question 14

Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

Options:

A.

Determining what level of classification the information requires

B.

Running regular backups and routinely testing the validity of the backup data

C.

Controlling access, adding and removing privileges for individual users

D.

Performing data restoration from the backups when necessary

Question 15

You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer?

Options:

A.

Cost plus incentive fee

B.

Fixed fee

C.

Cost plus percentage of costs

D.

Time and materials

Question 16

Which of the following is the correct order of the digital investigation Standard Operating Procedure (SOP)?

Options:

A.

Initial analysis, request for service, data collection, data reporting, data analysis

B.

Initial analysis, request for service, data collection, data analysis, data reporting

C.

Request for service, initial analysis, data collection, data analysis, data reporting

D.

Request for service, initial analysis, data collection, data reporting, data analysis

Question 17

Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below?

System and data are validated.
System meets all user requirements.
System meets all control requirements.

Options:

A.

Programming and training

B.

Evaluation and acceptance

C.

Definition

D.

Initiation

Question 18

Which of the following relies on a physical characteristic of the user to verify his identity?

Options:

A.

Social Engineering

B.

Kerberos v5

C.

Biometrics

D.

CHAP

Question 19

Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following?

1. To account for all IT assets
2. To provide precise information support to other ITIL disciplines
3. To provide a solid base only for Incident and Problem Management
4. To verify configuration records and correct any exceptions

Options:

A.

1, 3, and 4 only

B.

2 and 4 only

C.

1, 2, and 4 only

D.

2, 3, and 4 only

Question 20

Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?

Options:

A.

Risk management

B.

Configuration management

C.

Change management

D.

Procurement management

Question 21

Which of the following are the process steps of OPSEC? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Analysis of Vulnerabilities

B.

Display of associated vulnerability components

C.

Assessment of Risk

D.

Identification of Critical Information

Question 22

Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Provide diligent and competent service to principals.

B.

Protect society, the commonwealth, and the infrastructure.

C.

Give guidance for resolving good versus good and bad versus bad dilemmas.

D.

Act honorably, honestly, justly, responsibly, and legally.

Question 23

Rick is the project manager for the TTM project. He is in the process of procuring services from vendors. He makes a contract with a vendor in which he precisely specifies the services to be procured, and any changes to the procurement specification will increase the costs to the buyer. Which type of contract is this?

Options:

A.

Firm Fixed Price

B.

Fixed Price Incentive Fee

C.

Cost Plus Fixed Fee Contract

D.

Fixed Price with Economic Price Adjustment

Question 24

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

Options:

A.

Data diddling

B.

Wiretapping

C.

Eavesdropping

D.

Spoofing

Question 25

Which of the following Acts enacted in the United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?

Options:

A.

Electronic Communications Privacy Act of 1986

B.

Wiretap Act

C.

Computer Fraud and Abuse Act

D.

Economic Espionage Act of 1996

Question 26

Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due?

Options:

A.

Expected breach

B.

Actual breach

C.

Anticipatory breach

D.

Nonperforming breach

Question 27

Which of the following security models focuses on data confidentiality and controlled access to classified information?

Options:

A.

Bell-La Padula model

B.

Take-Grant model

C.

Clark-Wilson model

D.

Biba model

Question 28

What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Maintain and Monitor

B.

Organization Vulnerability

C.

Define Policy

D.

Baseline the Environment

Question 29

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Options:

A.

Business continuity plan

B.

Disaster recovery plan

C.

Continuity of Operations Plan

D.

Contingency plan

Question 30

Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

Options:

A.

Business continuity plan

B.

Crisis communication plan

C.

Contingency plan

D.

Disaster recovery plan

Question 31

Your company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company data. Which of the following is the most important step for you to take in preserving the chain of custody?

Options:

A.

Preserve the email server including all logs.

B.

Seize the employee's PC.

C.

Make copies of that employee's email.

D.

Place spyware on the employee's PC to confirm these activities.

Question 32

Which of the following authentication protocols provides support for a wide range of authentication methods, such as smart cards and certificates?

Options:

A.

PAP

B.

EAP

C.

MS-CHAP v2

D.

CHAP
