
ISC ISSMP ISSMP®: Information Systems Security Management Professional Exam Practice Test

Page: 1 / 22
Total 218 questions

ISSMP®: Information Systems Security Management Professional Questions and Answers

Question 1

Fill in the blank with the appropriate phrase. ____________ is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time.

Options:

A.

Configuration status accounting

Question 2

How many change control systems are there in project management?

Options:

A.

3

B.

4

C.

2

D.

1

Question 3

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

Options:

A.

18 U.S.C. 1362

B.

18 U.S.C. 1030

C.

18 U.S.C. 1029

D.

18 U.S.C. 2701

E.

18 U.S.C. 2510

Question 4

Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?

Options:

A.

Mobile site

B.

Warm site

C.

Cold site

D.

Hot site

Question 5

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

Options:

A.

Earned value management

B.

Risk audit

C.

Technical performance measurement

D.

Corrective action

Question 6

Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.

Options:

A.

If you don't know the threat, how do you know what to protect?

B.

If you don't know what to protect, how do you know you are protecting it?

C.

If you are not protecting it (the critical and sensitive information), the adversary wins!

D.

If you don't know about your security resources you cannot protect your network.

Question 7

Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party?

Options:

A.

Relational liability

B.

Engaged liability

C.

Contributory liability

D.

Vicarious liability

Question 8

The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes. Which of the following are Change Management terminologies? Each correct answer represents a part of the solution. Choose three.

Options:

A.

Request for Change

B.

Service Request Management

C.

Change

D.

Forward Schedule of Changes

Question 9

Which of the following statements are true about a hot site? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It can be used within an hour for data recovery.

B.

It is cheaper than a cold site but more expensive than a warm site.

C.

It is the most inexpensive backup site.

D.

It is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data.

Question 10

In which of the following alternative processing sites is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility?

Options:

A.

Mobile Site

B.

Cold Site

C.

Warm Site

D.

Hot Site

Question 11

Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

Options:

A.

Monitor and Control Risks

B.

Identify Risks

C.

Perform Qualitative Risk Analysis

D.

Perform Quantitative Risk Analysis

Question 12

Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

Options:

A.

Utility model

B.

Cookie

C.

Copyright

D.

Trade secret

Question 13

Which of the following are examples of physical controls used to prevent unauthorized access to sensitive materials?

Options:

A.

Thermal alarm systems

B.

Closed circuit cameras

C.

Encryption

D.

Security Guards

Question 14

Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase, creating a document that helps the organization understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives of the phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three.

Options:

A.

Resource requirements identification

B.

Criticality prioritization

C.

Down-time estimation

D.

Performing vulnerability assessment

Question 15

Which of the following access control models uses a predefined set of access privileges for an object of a system?

Options:

A.

Role-Based Access Control

B.

Mandatory Access Control

C.

Policy Access Control

D.

Discretionary Access Control

Question 16

Which of the following statements about the availability concept of Information security management is true?

Options:

A.

It determines actions and behaviors of a single individual within a system.

B.

It ensures reliable and timely access to resources.

C.

It ensures that unauthorized modifications are not made to data by authorized personnel or processes.

D.

It ensures that modifications are not made to data by unauthorized personnel or processes.

Question 17

Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question? Each correct answer represents a part of the solution. Choose three.

Options:

A.

Protect an organization from major computer services failure.

B.

Minimize the risk to the organization from delays in providing services.

C.

Guarantee the reliability of standby systems through testing and simulation.

D.

Maximize the decision-making required by personnel during a disaster.

Question 18

Which of the following is a variant with regard to Configuration Management?

Options:

A.

A CI that has the same name as another CI but shares no relationship with it.

B.

A CI that particularly refers to a hardware specification.

C.

A CI that has the same essential functionality as another CI but differs from it in some small way.

D.

A CI that particularly refers to a software version.

Question 19

Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

Options:

A.

Safeguard

B.

Single Loss Expectancy (SLE)

C.

Exposure Factor (EF)

D.

Annualized Rate of Occurrence (ARO)

Question 20

Which of the following Acts enacted in the United States amends the Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination, and to bring age discrimination claims?

Options:

A.

PROTECT Act

B.

Sexual Predators Act

C.

Civil Rights Act of 1991

D.

The USA Patriot Act of 2001

Question 21

Fill in the blank with an appropriate phrase. _______ is a branch of forensic science pertaining to legal evidence found in computers and digital storage media.

Options:

A.

Computer forensics

Question 22

Which of the following signatures watches for the connection attempts to well-known, frequently attacked ports?

Options:

A.

Port signatures

B.

Digital signatures

C.

Header condition signatures

D.

String signatures
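As an added example that is not part of the original question set, the following Python shows what a port signature actually does in practice: it fires purely on a new connection attempt (TCP SYN) toward a well-known, frequently attacked destination port, without looking at packet headers in any depth (header condition signature) or at payload content (string signature). The log line format, the watched port list and the sample log lines are all constructed assumptions for illustration; they are not taken from any real product.

```python
"""Port-signature matching over constructed connection-log lines (added example)."""
import re
from collections import Counter

# Assumed: well-known, frequently attacked service ports. A real deployment would
# take this list from the IDS ruleset or the asset inventory, not hard-code it.
WATCHED_PORTS = {
    21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 135: "msrpc",
    139: "netbios-ssn", 445: "microsoft-ds", 1433: "mssql",
    3306: "mysql", 3389: "rdp", 5900: "vnc",
}

# Assumed (constructed) log format: "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <tcp_flags>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) (?P<flags>\S+)$"
)

# Constructed sample log: one host sweeping several watched ports, one host
# talking HTTPS (not watched), one established SSH session (not a new attempt),
# one single MySQL attempt, and one malformed line the parser must skip.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z 203.0.113.7:51512 -> 192.0.2.10:22 S",
    "2024-05-01T10:00:01Z 203.0.113.7:51513 -> 192.0.2.10:23 S",
    "2024-05-01T10:00:02Z 203.0.113.7:51514 -> 192.0.2.10:445 S",
    "2024-05-01T10:00:02Z 203.0.113.7:51515 -> 192.0.2.10:3389 S",
    "2024-05-01T10:00:05Z 198.51.100.4:40000 -> 192.0.2.10:443 S",
    "2024-05-01T10:00:06Z 198.51.100.4:40001 -> 192.0.2.10:22 PA",
    "2024-05-01T10:00:07Z 192.0.2.55:60000 -> 192.0.2.10:3306 S",
    "malformed line that the parser should skip",
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"], "src": m["src"], "dst": m["dst"],
        "sport": int(m["sport"]), "dport": int(m["dport"]),
        "flags": m["flags"],
    }


def match_port_signature(event, watched=WATCHED_PORTS):
    """Port signature: a bare SYN to a watched destination port. Returns the service
    name on a hit, None otherwise. Payload and other header fields are ignored on
    purpose; that is what distinguishes this class of signature."""
    if event is None or event["flags"] != "S":
        return None
    return watched.get(event["dport"])


def scan(lines, watched=WATCHED_PORTS, sweep_threshold=3):
    """Run the port signature over a log and return (alerts, sweeping_sources).

    alerts: list of (ts, src, dport, service) for every hit.
    sweeping_sources: sources that hit at least sweep_threshold watched ports,
    a cheap way to separate a port sweep from a single stray connection.
    """
    alerts = []
    per_src = Counter()
    for line in lines:
        ev = parse_line(line)
        svc = match_port_signature(ev, watched)
        if svc:
            alerts.append((ev["ts"], ev["src"], ev["dport"], svc))
            per_src[ev["src"]] += 1
    sweeps = {src for src, n in per_src.items() if n >= sweep_threshold}
    return alerts, sweeps


if __name__ == "__main__":
    found, sweeping = scan(SAMPLE_LOG)
    for ts, src, dport, svc in found:
        print(f"{ts} port-signature hit: {src} -> {dport}/{svc}")
    print("sources sweeping watched ports:", sorted(sweeping))
```

The caveat a practitioner should attach to this class of signature: it is cheap and catches scanners and worms knocking on default ports, but it says nothing about whether the attempt carried anything hostile, it misses the same service moved to a non-standard port, and authorized vulnerability scanners will trip it constantly unless they are allow-listed. It is a first-stage filter to be paired with header condition and string signatures, not a replacement for them.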

Question 23

Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

Options:

A.

TLS

B.

PGP

C.

S/MIME

D.

IPSec

Question 24

Which of the following statements is related with the first law of OPSEC?

Options:

A.

If you are not protecting it (the critical and sensitive information), the adversary wins!

B.

If you don't know what to protect, how do you know you are protecting it?

C.

If you don't know about your security resources you cannot protect your network.

D.

If you don't know the threat, how do you know what to protect?

Question 25

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

Options:

A.

Initial analysis, request for service, data collection, data reporting, data analysis

B.

Initial analysis, request for service, data collection, data analysis, data reporting

C.

Request for service, initial analysis, data collection, data analysis, data reporting

D.

Request for service, initial analysis, data collection, data reporting, data analysis

Question 26

Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following?

1. To account for all IT assets
2. To provide precise information support to other ITIL disciplines
3. To provide a solid base only for Incident and Problem Management
4. To verify configuration records and correct any exceptions

Options:

A.

1, 3, and 4 only

B.

2 and 4 only

C.

1, 2, and 4 only

D.

2, 3, and 4 only

Question 27

Which of the following Orange Book (TCSEC) ratings is assigned to systems that have no security controls?

Options:

A.

D-rated

B.

C-rated

C.

E-rated

D.

A-rated

Question 28

Which of the following acts is a specialized privacy law that applies to any educational institution that accepts any form of funding from the federal government?

Options:

A.

HIPAA

B.

COPPA

C.

FERPA

D.

GLBA

Question 29

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

Options:

A.

Risk register

B.

Risk management plan

C.

Quality management plan

D.

Project charter

Question 30

You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. One of the employees of your organization asks you the purpose of the security awareness, training and education program. What will be your answer?

Options:

A.

It improves the possibility for career advancement of the IT staff.

B.

It improves the security of vendor relations.

C.

It improves the performance of a company's intranet.

D.

It improves awareness of the need to protect system resources.

Question 31

You work as the project manager for Bluewell Inc. You are working on the NGQQ Project for your company. You have completed the risk analysis processes for the risk events. You and the project team have created risk responses for most of the identified project risks. Which of the following risk response planning techniques will you use to shift the impact of a threat, together with ownership of the response, to a third party?

Options:

A.

Risk mitigation

B.

Risk acceptance

C.

Risk avoidance

D.

Risk transference

Question 32

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

Options:

A.

SSAA

B.

FITSAF

C.

FIPS

D.

TCSEC
