• support@dumpspool.com

SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

$35.00 Free Updates Upto 90 Days

  • ISSMP Dumps PDF
  • 535 Questions
  • Updated On July 22, 2024

PDF + Test Engine

$60.00 Free Updates Upto 90 Days

  • ISSMP Question Answers
  • 535 Questions
  • Updated On July 22, 2024

Test Engine

$50.00 Free Updates Upto 90 Days

  • ISSMP Practice Questions
  • 535 Questions
  • Updated On July 22, 2024
Check Our Free ISC2 ISSMP Online Test Engine Demo.

How to pass ISC2 ISSMP exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest ISC2 ISSMP Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know ISC2 ISSMP Dumps are Worth it?

Did we mention our latest ISSMP Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just ISC2 Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our CISSP Information Systems Security Management Professional Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using CISSP Information Systems Security Management Professional Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get ISSMP Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the ISSMP exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

Frequently Asked Questions

ISC2 ISSMP Sample Question Answers

Question # 1

Which of the following is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems? 

A. IDS  
B. OPSEC  
C. HIDS  
D. NIDS  

Question # 2

An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

A. Network security policy  
B. Backup policy  
C. Privacy policy  
D. User password policy  

Question # 3

Which of the following is a name, symbol, or slogan with which a product is identified?  

A. Copyright  
B. Trademark  
C. Trade secret  
D. Patent  

Question # 4

Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis? 

A. The Configuration Manager  
B. The Supplier Manager  
C. The Service Catalogue Manager  
D. The IT Service Continuity Manager  

Question # 5

Which of the following sites are similar to the hot site facilities, with the exception that they are completely dedicated, self-developed recovery facilities?

A. Cold sites  
B. Orange sites  
C. Warm sites  
D. Duplicate processing facilities

Question # 6

Which of the following is a variant with regard to Configuration Management?  

A. A CI that has the same name as another CI but shares no relationship.  
B. A CI that particularly refers to a hardware specification.  
C. A CI that has the same essential functionality as another CI but a bit different in some small manner.
D. A CI that particularly refers to a software version.  

Question # 7

Mark works as a security manager for SoftTech Inc. He is performing a security awareness program. To be successful in performing the awareness program, he should take into account the needs and current levels of training and understanding of the employees and audience. There are five key ways, which Mark should keep in mind while performing this activity. Current level of computer usage What the audience really wants to learn How receptive the audience is to the security program How to gain acceptance Who might be a possible ally Which of the following activities is performed in this security awareness process? 

A. Separation of duties  
B. Stunned owl syndrome  
C. Audience participation  
D. Audience segmentation  

Question # 8

Sarah has created a site on which she publishes a copyrighted material. She is ignorant that she is infringing copyright. Is she guilty under copyright laws?

A. No  
B. Yes  

Question # 9

Which of the following types of evidence is considered as the best evidence?  

A. A copy of the original document  
B. Information gathered through the witness's senses  
C. The original document  
D. A computer-generated record

Question # 10

Which of the following subphases are defined in the maintenance phase of the life cycle models?

A. Change control  
B. Configuration control  
C. Request control  
D. Release control  

Question # 11

Which of the following relies on a physical characteristic of the user to verify his identity?  

A. Social Engineering  
B. Kerberos v5  
C. Biometrics  
D. CHAP  

Question # 12

Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

A. Managed level  
B. Defined level  
C. Fundamental level  
D. Repeatable level  

Question # 13

Which of the following policies helps reduce the potential damage from the actions of one person? 

A. CSA  
B. Risk assessment  
C. Separation of duties  
D. Internal audit  

Question # 14

You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had a problem with laptops being stolen. What is the most cost effective method to prevent this?

A. Video surveillance on all areas with computers.  
B. Use laptop locks.  
C. Appoint a security guard.  
D. Smart card access to all areas with computers.  

Question # 15

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

A. Configuration Verification and Auditing  
B. Configuration Item Costing  
C. Configuration Identification  
D. Configuration Status Accounting

Question # 16

Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

A. Utility model  
B. Cookie  
C. Copyright  
D. Trade secret  

Question # 17

Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

A. Safeguard  
B. Single Loss Expectancy (SLE)  
C. Exposure Factor (EF)  
D. Annualized Rate of Occurrence (ARO)  

Question # 18

Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

A. Safeguard  
B. Single Loss Expectancy (SLE)  
C. Exposure Factor (EF)  
D. Annualized Rate of Occurrence (ARO)  

Question # 19

Which of the following statements about system hardening are true? Each correct answer represents a complete solution. Choose two. 

A. It can be achieved by installing service packs and security updates on a regular basis.  
B. It is used for securing the computer hardware.  
C. It can be achieved by locking the computer room.  
D. It is used for securing an operating system.  

Question # 20

Which of the following types of cyber stalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for this purpose?

A. Encouraging others to harass the victim
B. False accusations  
C. Attempts to gather information about the victim  
D. False victimization  

Question # 21

How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?

A. Single Loss Expectancy (SLE)/ Exposure Factor (EF)  
B. Asset Value X Exposure Factor (EF)  
C. Exposure Factor (EF)/Single Loss Expectancy (SLE)  
D. Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO)  

Question # 22

Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project." 

A. Monitor and Control Risks  
B. Identify Risks  
C. Perform Qualitative Risk Analysis  
D. Perform Quantitative Risk Analysis  

Question # 23

Which of the following attacks can be mitigated by providing proper training to the employees in an organization? 

A. Social engineering  
B. Smurf  
C. Denial-of-Service  
D. Man-in-the-middle  

Question # 24

Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

A. Administrative  
B. Automatic  
C. Physical  
D. Technical  

Question # 25

Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution. Which of the following data should be recorded in this documentation? Each correct answer represents a complete solution. Choose all that apply. 

A. Names of the victims  
B. Location of each incident  
C. Nature of harassment  
D. Date and time of incident  

Question # 26

John works as a security manager for Soft Tech Inc. He is working with his team on the disaster recovery management plan. One of his team members has a doubt related to the most cost effective DRP testing plan. According to you, which of the following disaster recovery testing plans is the most cost-effective and efficient way to identify areas of overlap in the plan before conducting more demanding training exercises?

A. Full-scale exercise  
B. Walk-through drill  
C. Evacuation drill  
D. Structured walk-through test

Question # 27

Which of the following statements are true about a hot site? Each correct answer  represents a complete solution. Choose all that apply.

A. It can be used within an hour for data recovery.  
B. It is cheaper than a cold site but more expensive than a worm site.  
C. It is the most inexpensive backup site.  
D. It is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data.

Question # 28

Which of the following penetration testing phases involves reconnaissance or data gathering? 

A. Attack phase  
B. Pre-attack phase  
C. Post-attack phase  
D. Out-attack phase  

Question # 29

Which of the following BCP teams provides clerical support to the other teams and serves as a message center for the user-recovery site?

A. Security team  
B. Data preparation and records team  
C. Administrative support team  
D. Emergency operations team  

Question # 30

Which of the following tools works by using standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?

A. Device Seizure  
B. Ontrack  
C. DriveSpy  
D. Forensic Sorter  

Question # 31

Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project? 

A. Yes, the ZAS Corporation did not choose to terminate the contract work.  
B. It depends on what the outcome of a lawsuit will determine.  
C. It depends on what the termination clause of the contract stipulates.  
D. No, the ZAS Corporation did not complete all of the work.  

Question # 32

Which of the following statements is true about auditing?  

A. It is used to protect the network against virus attacks.  
B. It is used to track user accounts for file and object access, logon attempts, etc.  
C. It is used to secure the network or the computers on the network.  
D. It is used to prevent unauthorized access to network resources.  

Question # 33

In which of the following SDLC phases is the system's security features configured and enabled, the system is tested and installed or fielded, and the system is authorized for processing?

A. Initiation Phase  
B. Development/Acquisition Phase  
C. Implementation Phase  
D. Operation/Maintenance Phase

Question # 34

A. FTP  

B. IPX/SPX  
C. IPSec  
D. EAP  

Question # 35

Which of the following contract types is described in the statement below? "This contract type provides no incentive for the contractor to control costs and hence is rarely utilized."

A. Cost Plus Fixed Fee  
B. Cost Plus Percentage of Cost  
C. Cost Plus Incentive Fee  
D. Cost Plus Award Fee  

Question # 36

Which of the following steps are generally followed in computer forensic examinations? Each correct answer represents a complete solution. Choose three. 

A. Acquire  
B. Analyze  
C. Authenticate  
D. Encrypt  

Question # 37

Which of the following steps is the initial step in developing an information security strategy?

A. Perform a technical vulnerabilities assessment.  
B. Assess the current levels of security awareness.  
C. Perform a business impact analysis.  
D. Analyze the current business strategy.  

Question # 38

You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer? 

A. Cost plus incentive fee  
B. Fixed fee  
C. Cost plus percentage of costs  
D. Time and materials  

Question # 39

Which of the following SDLC phases consists of the given security controls. Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases Generation

A. Design  
B. Maintenance  
C. Deployment  
D. Requirements Gathering  

Question # 40

Which of the following processes is used by remote users to make a secure connection to internal resources after establishing an Internet connection?

A. Packet filtering  
B. Tunneling  
C. Packet sniffing  
D. Spoofing  

Question # 41

Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

A. Configuration management  
B. Risk management  
C. Procurement management  
D. Change management  

Question # 42

What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope? 

A. Scope Verification  
B. Project Management Information System  
C. Integrated Change Control  
D. Configuraton Management System

Question # 43

In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?

A. Role-Based Access Control  
B. Discretionary Access Control  
C. Task-based Access Control  
D. Mandatory Access Control  

Question # 44

What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two. 

A. Troubleshooting  
B. Investigation  
C. Upgradation  
D. Backup  

Question # 45

Which of the following is a documentation of guidelines that are used to create archival copies of important data?

A. User policy  
B. Security policy  
C. Audit policy  
D. Backup policy  

Question # 46

Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives related to the above phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three. 

A. Resource requirements identification  
B. Criticality prioritization  
C. Down-time estimation  
D. Performing vulnerability assessment  

Question # 47

Which of the following is a process of monitoring data packets that travel across a network? 

A. Password guessing  
B. Packet sniffing  
C. Shielding  
D. Packet filtering  

Question # 48

You work as a Product manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to efficiently manage the procedures of the project. What will be the benefits of employing configuration management for completing this project? Each correct answer represents a complete solution. Choose all that apply. 

A. It provides object, orient, decide and act strategy.  
B. It provides a live documentation of the project.  
C. It provides the risk analysis of project configurations.  
D. It provides the versions for network devices.  

Question # 49

Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply. 

A. Provide diligent and competent service to principals.  
B. Protect society, the commonwealth, and the infrastructure.  
C. Give guidance for resolving good versus good and bad versus bad dilemmas.  
D. Act honorably, honestly, justly, responsibly, and legally.  

Question # 50

DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply. 

A. System Definition  
B. Accreditation  
C. Verification  
D. Re-Accreditation  
E. Validation  
F. Identification  

Question # 51

Which of the following statements about Due Care policy is true?

A. It is a method used to authenticate users on a network.  
B. It is a method for securing database servers.  
C. It identifies the level of confidentiality of information.  
D. It provides information about new viruses.  

Question # 52

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem? 

A. Implement separation of duties.  
B. Implement RBAC.  
C. Implement three way authentication.  
D. Implement least privileges.

Question # 53

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks? 

A. Risk management plan  
B. Lessons learned documentation  
C. Risk register  
D. Stakeholder management strategy

Question # 54

Fill in the blank with an appropriate phrase. _______is a branch of forensic science pertaining to legal evidence found in computers and digital storage media.

A. Computer forensics  

Question # 55

Which of the following is the default port for Secure Shell (SSH)?  

A. UDP port 161  
B. TCP port 22  
C. UDP port 138  
D. TCP port 443  

Question # 56

Which of the following laws enacted in United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites? 

A. Child Pornography Prevention Act (CPPA)  
B. USA PATRIOT Act  
C. Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act) 
D. Sexual Predators Act  

Question # 57

Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

A. It ensures that unauthorized modifications are not made to data by authorized personnel or processes. 
B. It determines the actions and behaviors of a single individual within a system
C. It ensures that modifications are not made to data by unauthorized personnel or processes.
D. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.

Question # 58

Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials? 

A. Separation of Duties  
B. Due Care  
C. Acceptable Use  
D. Need to Know  

Question # 59

What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply. 

A. Maintain and Monitor  
B. Organization Vulnerability  
C. Define Policy  
D. Baseline the Environment  

Question # 60

Electronic communication technology refers to technology devices, such as computers and cell phones, used to facilitate communication. Which of the following is/are a type of electronic communication? Each correct answer represents a complete solution. Choose all that apply. 

A. Internet telephony  
B. Instant messaging  
C. Electronic mail  
D. Post-it note  
E. Blogs  
F. Internet teleconferencing  

Question # 61

Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.

A. If you don't know the threat, how do you know what to protect?  
B. If you don't know what to protect, how do you know you are protecting it?  
C. If you are not protecting it (the critical and sensitive information), the adversary wins!  
D. If you don't know about your security resources you cannot protect your network.  

Question # 62

Which of the following rate systems of the Orange book has no security controls?  

A. D-rated  
B. C-rated  
C. E-rated  
D. A-rated  

Question # 63

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

A. Quantitative risk analysis  
B. Qualitative risk analysis  
C. Requested changes  
D. Risk audits  

Question # 64

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

A. Quantitative risk analysis  
B. Qualitative risk analysis  
C. Requested changes  
D. Risk audits  

Question # 65

You work as a Forensic Investigator. Which of the following rules will you follow while working on a case? Each correct answer represents a part of the solution. Choose all that apply.

A. Prepare a chain of custody and handle the evidence carefully.  
B. Examine original evidence and never rely on the duplicate evidence.  
C. Never exceed the knowledge base of the forensic investigation.  
D. Follow the rules of evidence and never temper with the evidence.  

Question # 66

Which of the following is generally practiced by the police or any other recognized governmental authority?

A. Phishing  
B. Wiretapping  
C. SMB signing  
D. Spoofing  

Question # 67

Which of the following is generally practiced by the police or any other recognized governmental authority?

A. Phishing  
B. Wiretapping  
C. SMB signing  
D. Spoofing  

Question # 68

In which of the following contract types, the seller is reimbursed for all allowable costs for performing the contract work and receives a fixed fee payment which is calculated as a percentage of the initial estimated project costs? 

A. Firm Fixed Price Contracts  
B. Cost Plus Fixed Fee Contracts  
C. Fixed Price Incentive Fee Contracts  
D. Cost Plus Incentive Fee Contracts  

Question # 69

Which of the following options is an approach to restricting system access to authorized users?

A. DAC  
B. MIC  
C. RBAC  
D. MAC  

Question # 70

You are a project manager of a large construction project. Within the project you are working with several vendors to complete different phases of the construction. Your client has asked that you arrange for some of the materials a vendor is to install next week in the project to be changed. According to the change management plan what subsystem will need to manage this change request?

A. Cost  
B. Resources  
C. Contract  
D. Schedule  

Question # 71

You are the Network Administrator for a software company. Due to the nature of your company's business, you have a significant number of highly computer savvy users. However, you have still decided to limit each user access to only those resources required for their job, rather than give wider access to the technical users (such as tech support and software engineering personnel). What is this an example of? 

A. The principle of maximum control.
B. The principle of least privileges.
C. Proper use of an ACL.
D. Poor resource management.

Question # 72

Which of the following governance bodies provides management, operational and technicalcontrols to satisfy security requirements?

A. Senior Management
B. Business Unit Manager
C. Information Security Steering Committee
D. Chief Information Security Officer

Question # 73

Which of the following are the process steps of OPSEC? Each correct answer represents a part of the solution. Choose all that apply. 

A. Analysis of Vulnerabilities
B. Display of associated vulnerability components
C. Assessment of Risk
D. Identification of Critical Information

Question # 74

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two. 

A. Assuring the integrity of organizational data 
B. Building Risk free systems
C. Risk control
D. Risk identification

Question # 75

Which of the following is a documentation of guidelines that computer forensics experts use to handle evidences? 

A. Evidence access policy
B. Incident response policy
C. Chain of custody
D. Chain of evidence

Question # 76

You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client? 

A. Cold site
B. Off site
C. Hot site
D. Warm site

Question # 77

You company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company dat a. Which of the following is the most important step for you to take in preserving the chain of custody? 

A. Preserve the email server including all logs. 
B. Seize the employee's PC. 
C. Make copies of that employee's email.
D. Place spyware on the employee's PC to confirm these activities.

Question # 78

You work as a Web Administrator for Perfect World Inc. The company is planning to host an E-commerce Web site. You are required to design a security plan for it. Client computers with different operating systems will access the Web server. How will you configure the Web server so that it is secure and only authenticated users are able to access it? Each correct answer represents a part of the solution. Choose two. 

A. Use encrypted authentication.
B. Use the SSL protocol.
C. Use the EAP protocol.
D. Use Basic authentication.

Question # 79

Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party? 

A. Relational liability
B. Engaged liability
C. Contributory liability
D. Vicarious liability

Question # 80

Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?

A. Malicious Communications Act (1998)
B. Anti-Cyber-Stalking law (1999)
C. Stalking Amendment Act (1999)
D. Stalking by Electronic Communications Act (2001) 

Question # 81

Ned is the program manager for his organization and he's considering some new materialsfor his program. He and his team have never worked with these materials before and hewants to ask the vendor for some additional information, a demon, and even somesamples. What type of a document should Ned send to the vendor? 

A. IFB
B. RFQ
C. RFP
D. RFI

Question # 82

Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery? 

A. Software team
B. Off-site storage team
C. Applications team
D. Emergency-management team

Question # 83

Which of the following plans provides procedures for recovering business operations immediately following a disaster? 

A. Disaster recovery plan
B. Business continuity plan
C. Continuity of operation plan
D. Business recovery plan

Question # 84

Which of the following statements about the availability concept of Information security management is true? 

A. It determines actions and behaviors of a single individual within a system.
B. It ensures reliable and timely access to resources.
C. It ensures that unauthorized modifications are not made to data by authorized personnelor processes.
D. It ensures that modifications are not made to data by unauthorized personnel orprocesses.

Question # 85

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)? 

A. Initial analysis, request for service, data collection, data reporting, data analysis
B. Initial analysis, request for service, data collection, data analysis, data reporting
C. Request for service, initial analysis, data collection, data analysis, data reporting
D. Request for service, initial analysis, data collection, data reporting, data analysis

Question # 86

Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two. 

A. It uses TCP port 80 as the default port.
B. It is a protocol used in the Universal Resource Locater (URL) address line to connect toa secure site.
C. It uses TCP port 443 as the default port.
D. It is a protocol used to provide security for a database server in an internal network.

Question # 87

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud? 

A. Data diddling
B. Wiretapping
C. Eavesdropping
D. Spoofing

Question # 88

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event? 

A. Earned value management
B. Risk audit
C. Technical performance measurement
D. Corrective action

Question # 89

Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question? Each correct answer represents a part of the solution. Choose three. 

A. Protect an organization from major computer services failure.
B. Minimize the risk to the organization from delays in providing services.
C. Guarantee the reliability of standby systems through testing and simulation.
D. Maximize the decision-making required by personnel during a disaster.

Question # 90

You work as the Senior Project manager in Dotcoiss Inc. Your company has started asoftware project using configuration management and has completed 70% of it. You needto ensure that the network infrastructure devices and networking standards used in thisproject are installed in accordance with the requirements of its detailed project designdocumentation. Which of the following procedures will you employ to accomplish the task? 

A. Configuration identification
B. Physical configuration audit
C. Configuration control
D. Functional configuration audit

Question # 91

Which of the following processes will you involve to perform the active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures? 

A. Penetration testing  
B. Risk analysis  
C. Baselining 
D. Compliance checking 

Question # 92

Which of the following divisions of the Trusted Computer System Evaluation Criteria (TCSEC) is based on the Mandatory Access Control (MAC) policy? 

A. Division A
B. Division D
C. Division B
D. Division C

Question # 93

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning." 

A. Risk register
B. Risk management plan
C. Quality management plan
D. Project charter

Question # 94

The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.

A. Information dissemination policy
B. Electronic monitoring statement
C. Additional personnel security controls 
D. Incident response plan

Question # 95

You work as a security manager for SoftTech Inc. You are conducting a securityawareness campaign for your employees. One of the employees of your organization asksyou the purpose of the security awareness, training and education program. What will beyour answer? 

A. It improves the possibility for career advancement of the IT staff.
B. It improves the security of vendor relations.
C. It improves the performance of a company's intranet.
D. It improves awareness of the need to protect system resources.

Question # 96

Which of the following deals is a binding agreement between two or more persons that is enforceable by law?

A. Outsource
B. Proposal
C. Contract
D. Service level agreement

Question # 97

You are the project manager for TTX project. You have to procure some electronics gadgets for the project. A relative of yours is in the retail business of those gadgets. He approaches you for your favor to get the order. This is the situation of ____.

A. Conflict of interest
B. Bribery
C. Illegal practice
D. Irresponsible practice

Question # 98

Which of the following types of activities can be audited for security? Each correct answerrepresents a complete solution. Choose three.

A. Data downloading from the Internet
B. File and object access
C. Network logons and logoffs
D. Printer access

Question # 99

Shoulder surfing is a type of in-person attack in which the attacker gathers informationabout the premises of an organization. This attack is often performed by lookingsurreptitiously at the keyboard of an employee's computer while he is typing in hispassword at any access point such as a terminal/Web site. Which of the following isviolated in a shoulder surfing attack? 

A. Availability
B. Confidentiality
C. Integrity
D. Authenticity

Question # 100

Walter is the project manager of a large construction project. He'll be working with severalvendors on the project. Vendors will be providing materials and labor for several parts ofthe project. Some of the works in the project are very dangerous so Walter hasimplemented safety requirements for all of the vendors and his own project team.Stakeholders for the project have added new requirements, which have caused new risksin the project. A vendor has identified a new risk that could affect the project if it comes intofruition. Walter agrees with the vendor and has updated the risk register and createdpotential risk responses to mitigate the risk. What should Walter also update in thisscenario considering the risk event?

A. Project contractual relationship with the vendor
B. Project management plan
C. Project communications plan
D. Project scope statement

Question # 101

Which of the following rated systems of the Orange book has mandatory protection of the TCB?

A. B-rated
B. C-rated
C. D-rated
D. A-rated

Question # 102

Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems? 

A. Gramm-Leach-Bliley Act
B. Computer Fraud and Abuse Act
C. Computer Security Act
D. Digital Millennium Copyright Act

Question # 103

Which of the following security models dictates that subjects can only access objectsthrough applications?

A. Biba-Clark model
B. Bell-LaPadula
C. Clark-Wilson
D. Biba model

Question # 104

A contract cannot have provisions for which one of the following?  

A. Subcontracting the work
B. Penalties and fines for disclosure of intellectual rights
C. A deadline for the completion of the work
D. Illegal activities

Question # 105

Which of the following sections come under the ISO/IEC 27002 standard?  

A. Financial assessment
B. Asset management
C. Security policy
D. Risk assessment

Question # 106

Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due? 

A. Expected breach
B. Actual breach
C. Anticipatory breach
D. Nonperforming breach

Question # 107

Which of the following refers to the ability to ensure that the data is not modified or tampered with? 

A. Availability
B. Non-repudiation
C. Integrity
D. Confidentiality

What our clients say about ISSMP Study Resources

Leave a comment

Your email address will not be published. Required fields are marked *

Rating / Feedback About This Exam