
ISC ISSMP ISSMP®: Information Systems Security Management Professional Exam Practice Test

Page: 1 / 22
Total 218 questions

ISSMP®: Information Systems Security Management Professional Questions and Answers

Question 1

Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

Options:

A. Social engineering
B. Smurf
C. Denial-of-Service
D. Man-in-the-middle

Question 2

Which of the following statements is related to the second law of OPSEC?

Options:

A. If you are not protecting it (the critical and sensitive information), the adversary wins!
B. If you don't know what to protect, how do you know you are protecting it?
C. If you don't know about your security resources, you could not protect your network.
D. If you don't know the threat, how do you know what to protect?

Question 3

Rick is the project manager for the TTM project. He is in the process of procuring services from vendors. He makes a contract with a vendor in which he precisely specifies the services to be procured, and any changes to the procurement specification will increase the costs to the buyer. Which type of contract is this?

Options:

A. Firm Fixed Price
B. Fixed Price Incentive Fee
C. Cost Plus Fixed Fee Contract
D. Fixed Price with Economic Price Adjustment

Question 4

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months, but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

Options:

A. Earned value management
B. Risk audit
C. Technical performance measurement
D. Corrective action

Question 5

In which of the following SDLC phases are the system's security features configured and enabled, the system tested and installed or fielded, and the system authorized for processing?

Options:

A. Initiation Phase
B. Development/Acquisition Phase
C. Implementation Phase
D. Operation/Maintenance Phase

Question 6

Which of the following sites are similar to the hot site facilities, with the exception that they are completely dedicated, self-developed recovery facilities?

Options:

A. Cold sites
B. Orange sites
C. Warm sites
D. Duplicate processing facilities

Question 7

Which of the following 'Code of Ethics Canons' of the '(ISC)2 Code of Ethics' states to act honorably, honestly, justly, responsibly and legally?

Options:

A. Second Code of Ethics Canons
B. Fourth Code of Ethics Canons
C. First Code of Ethics Canons
D. Third Code of Ethics Canons

Question 8

Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

Options:

A. Safeguard
B. Single Loss Expectancy (SLE)
C. Exposure Factor (EF)
D. Annualized Rate of Occurrence (ARO)

Question 9

Which of the following are the process steps of OPSEC? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Analysis of Vulnerabilities
B. Display of associated vulnerability components
C. Assessment of Risk
D. Identification of Critical Information

Question 10

Fill in the blank with an appropriate phrase. ___________ is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.

Options:

A. Patch management

Question 11

Which of the following is a process of monitoring data packets that travel across a network?

Options:

A. Password guessing
B. Packet sniffing
C. Shielding
D. Packet filtering

Question 12

Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before, and he wants to ask the vendor for some additional information, a demo, and even some samples. What type of document should Ned send to the vendor?

Options:

A. IFB
B. RFQ
C. RFP
D. RFI

Question 13

You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

Options:

A. Mitigation
B. Sharing
C. Acceptance
D. Transference

Question 14

Fill in the blank with an appropriate word. _________ are used in information security to formalize security policies.

Options:

A. Models

Question 15

Which of the following Acts enacted in the United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?

Options:

A. Electronic Communications Privacy Act of 1986
B. Wiretap Act
C. Computer Fraud and Abuse Act
D. Economic Espionage Act of 1996

Question 16

Which of the following can be done over telephone lines, e-mail, instant messaging, and any other method of communication considered private?

Options:

A. Shielding
B. Spoofing
C. Eavesdropping
D. Packaging

Question 17

You are the project manager of the GHE Project. You have identified the following risks with the characteristics as shown in the following figure:

How much capital should the project set aside for the risk contingency reserve?

Options:

A. $142,000
B. $232,000
C. $41,750
D. $23,750

Question 18

Which of the following protocols are used to provide secure communication between a client and a server over the Internet? Each correct answer represents a part of the solution. Choose two.

Options:

A. TLS
B. HTTP
C. SNMP
D. SSL

Question 19

Which of the following plans provides procedures for recovering business operations immediately following a disaster?

Options:

A. Disaster recovery plan
B. Business continuity plan
C. Continuity of operation plan
D. Business recovery plan

Question 20

Which of the following test methods has the objective to test the IT system from the viewpoint of a threat-source and to identify potential failures in the IT system protection schemes?

Options:

A. Penetration testing
B. On-site interviews
C. Security Test and Evaluation (ST&E)
D. Automated vulnerability scanning tool

Question 21

Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?

Options:

A. UDP port 161
B. TCP port 443
C. TCP port 110
D. UDP port 1701

Question 22

You work as a Forensic Investigator. Which of the following rules will you follow while working on a case? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Prepare a chain of custody and handle the evidence carefully.
B. Examine original evidence and never rely on the duplicate evidence.
C. Never exceed the knowledge base of the forensic investigation.
D. Follow the rules of evidence and never tamper with the evidence.

Question 23

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

Options:

A. Risk register
B. Risk management plan
C. Quality management plan
D. Project charter

Question 24

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Options:

A. Business continuity plan
B. Disaster recovery plan
C. Continuity of Operations Plan
D. Contingency plan

Question 25

What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.

Options:

A. Troubleshooting
B. Investigation
C. Upgradation
D. Backup

Question 26

You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What is this called?

Options:

A. Availability
B. Encryption
C. Integrity
D. Confidentiality

Question 27

Which of the following access control models uses a predefined set of access privileges for an object of a system?

Options:

A. Role-Based Access Control
B. Mandatory Access Control
C. Policy Access Control
D. Discretionary Access Control

Question 28

What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?

Options:

A. ZOPA
B. PON
C. Bias
D. BATNA

Question 29

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

Options:

A. Data diddling
B. Wiretapping
C. Eavesdropping
D. Spoofing

Question 30

Which of the following is a name, symbol, or slogan with which a product is identified?

Options:

A. Copyright
B. Trademark
C. Trade secret
D. Patent

Question 31

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

Options:

A. Implement separation of duties.
B. Implement RBAC.
C. Implement three-way authentication.
D. Implement least privileges.

Question 32

Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

Options:

A. Data downloading from the Internet
B. File and object access
C. Network logons and logoffs
D. Printer access
