ISSMP®: Information Systems Security Management Professional v6.0 (CISSP-ISSMP)

Page:    1 / 15   
Total 218 questions

Which of the following refers to an information security document that is used in the United
States Department of Defense (DoD) to describe and accredit networks and systems?

  • A. SSAA
  • C. FIPS
  • D. TCSEC

Answer : A

Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. Who decides the category of a change?

  • A. The Problem Manager
  • B. The Process Manager
  • C. The Change Manager
  • D. The Service Desk
  • E. The Change Advisory Board

Answer : C

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

  • A. Availability
  • B. Non-repudiation
  • C. Integrity
  • D. Confidentiality

Answer : C

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

  • A. 18 U.S.C. 1362
  • B. 18 U.S.C. 1030
  • C. 18 U.S.C. 1029
  • D. 18 U.S.C. 2701
  • E. 18 U.S.C. 2510

Answer : A

You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when conducting a security awareness campaign?

  • A. Target system administrators and the help desk.
  • B. Provide technical details on exploits.
  • C. Provide customized messages for different groups.
  • D. Target senior managers and business process owners.

Answer : C

You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location.
However, budget is an issue. Which of the following is most appropriate for this client?

  • A. Cold site
  • B. Off site
  • C. Hot site
  • D. Warm site

Answer : A

You are the project manager of the GHE Project. You have identified the following risks with the characteristics as shown in the following figure:

How much capital should the project set aside for the risk contingency reserve?

  • A. $142,000
  • B. $232,000
  • C. $41,750
  • D. $23,750

Answer : D

Which of the following is a name, symbol, or slogan with which a product is identified?

  • A. Copyright
  • B. Trademark
  • C. Trade secret
  • D. Patent

Answer : B

Fill in the blank with an appropriate word. _________ are used in information security to formalize security policies.

  • A. Models.

Answer : A

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

  • A. Earned value management
  • B. Risk audit
  • C. Technical performance measurement
  • D. Corrective action

Answer : D

Which of the following needs to be documented to preserve evidences for presentation in court?

  • A. Separation of duties
  • B. Account lockout policy
  • C. Incident response policy
  • D. Chain of custody

Answer : D

Which of the following laws is defined as the Law of Nations or the legal norms that has developed through the customary exchanges between states over time, whether based on diplomacy or aggression?

  • A. Customary
  • B. Tort
  • C. Criminal
  • D. Administrative

Answer : A

What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.

  • A. Troubleshooting
  • B. Investigation
  • C. Upgradation
  • D. Backup

Answer : A,B

Which of the following methods can be helpful to eliminate social engineering threat? Each correct answer represents a complete solution. Choose three.

  • A. Password policies
  • B. Vulnerability assessments
  • C. Data encryption
  • D. Data classification

Answer : A,B,D

Which of the following characteristics are described by the DIAP Information Readiness
Assessment function? Each correct answer represents a complete solution. Choose all that apply.

  • A. It performs vulnerability/threat analysis assessment.
  • B. It identifies and generates IA requirements.
  • C. It provides data needed to accurately assess IA readiness.
  • D. It provides for entry and storage of individual system data.

Answer : A,B,C

Page:    1 / 15   
Total 218 questions