CISSP-ISSMP Questions and Answers

Question # 6

Fill in the blank with an appropriate word. _________ are used in information security to formalize security policies.

A. Models.

Question # 7

You are the Network Administrator for a software company. Due to the nature of your company's business, you have a significant number of highly computer-savvy users. However, you have still decided to limit each user's access to only those resources required for their job, rather than give wider access to the technical users (such as tech support and software engineering personnel). What is this an example of?

A. The principle of maximum control.
B. The principle of least privileges.
C. Proper use of an ACL.
D. Poor resource management.

Question # 8

Which of the following steps are generally followed in computer forensic examinations? Each correct answer represents a complete solution. Choose three.

A. Acquire
B. Analyze
C. Authenticate
D. Encrypt

Question # 9

Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

A. Yes, the ZAS Corporation did not choose to terminate the contract work.
B. It depends on what the outcome of a lawsuit will determine.
C. It depends on what the termination clause of the contract stipulates.
D. No, the ZAS Corporation did not complete all of the work.

Question # 10

You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also that you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation, who asked the Network Administrator to gather all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team announced that this was a controlled event, not an incident. Which of the following steps of an incident handling process was performed by the incident response team?

A. Containment
B. Eradication
C. Preparation
D. Identification

Question # 11

You work as a project manager for SoftTech Inc. A threat with a dollar value of $150,000 is expected to happen in your project and the frequency of threat occurrence per year is 0.001. What will be the annualized loss expectancy in your project?

A. $180.25
B. $150
C. $100
D. $120

Question # 12

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

A. Assessing the impact of potential threats
B. Identifying the accused
C. Finding an economic balance between the impact of the risk and the cost of the countermeasure
D. Identifying the risk

Question # 13

Which of the following is a documentation of guidelines that are used to create archival copies of important data?

A. User policy
B. Security policy
C. Audit policy
D. Backup policy

Question # 14

Fill in the blank with an appropriate phrase. ______________ is used to provide security mechanisms for the storage, processing, and transfer of data.

A. Data classification

Question # 15

Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?

A. Legal representative
B. Technical representative
C. Lead investigator
D. Information security representative

Question # 16

Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?

A. Cold sites arrangement
B. Business impact analysis
C. Duplicate processing facilities
D. Reciprocal agreements

Question # 17

You have created a team of HR Managers and Project Managers for Blue Well Inc. The team will concentrate on hiring some new employees for the company and improving the organization's overall security by turning employees among numerous job positions. Which of the following steps will you perform to accomplish the task?

A. Job rotation
B. Job responsibility
C. Screening candidates
D. Separation of duties

Question # 18

Which of the following statements about Due Care policy is true?

A. It is a method used to authenticate users on a network.
B. It is a method for securing database servers.
C. It identifies the level of confidentiality of information.
D. It provides information about new viruses.

Question # 19

Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.

A. If you don't know the threat, how do you know what to protect?
B. If you don't know what to protect, how do you know you are protecting it?
C. If you are not protecting it (the critical and sensitive information), the adversary wins!
D. If you don't know about your security resources, you cannot protect your network.

Question # 20

Which of the following steps is the initial step in developing an information security strategy?

A. Perform a technical vulnerabilities assessment.
B. Assess the current levels of security awareness.
C. Perform a business impact analysis.
D. Analyze the current business strategy.

Question # 21

Which of the following statements is related to the second law of OPSEC?

A. If you are not protecting it (the critical and sensitive information), the adversary wins!
B. If you don't know what to protect, how do you know you are protecting it?
C. If you don't know about your security resources, you could not protect your network.
D. If you don't know the threat, how do you know what to protect?

Question # 22

Which of the following divisions of the Trusted Computer System Evaluation Criteria (TCSEC) is based on the Mandatory Access Control (MAC) policy?

A. Division A
B. Division D
C. Division B
D. Division C

Question # 23

Which of the following are examples of administrative controls that involve all levels of employees within an organization and determine which users have access to what resources and information? Each correct answer represents a complete solution. Choose three.

A. Employee registration and accounting
B. Disaster preparedness and recovery plans
C. Network authentication
D. Training and awareness
E. Encryption

Question # 24

Which of the following security models dictates that subjects can only access objects through applications?

A. Biba-Clark model
B. Bell-LaPadula
C. Clark-Wilson
D. Biba model

Question # 25

Which of the following are the examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.

A. Security awareness training
B. Security policy
C. Data Backup
D. Auditing

Question # 26

Which of the following statements best describes the consequences of the disaster recovery plan test?

A. If no deficiencies were found during the test, then the test was probably flawed.
B. The plan should not be changed no matter what the results of the test would be.
C. The results of the test should be kept secret.
D. If no deficiencies were found during the test, then the plan is probably perfect.

Question # 27

Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

A. Business continuity plan
B. Crisis communication plan
C. Contingency plan
D. Disaster recovery plan

Question # 28

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

A. Risk management plan
B. Lessons learned documentation
C. Risk register
D. Stakeholder management strategy

Question # 29

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

A. Configuration Verification and Auditing
B. Configuration Item Costing
C. Configuration Identification
D. Configuration Status Accounting

Question # 30

DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.

A. System Definition
B. Accreditation
C. Verification
D. Re-Accreditation
E. Validation
F. Identification

Question # 31

Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?

A. CSIRT
B. CERT
C. FIRST
D. FedCIRC

Question # 32

Which of the following statements about the availability concept of Information security management is true?

A. It determines actions and behaviors of a single individual within a system.
B. It ensures reliable and timely access to resources.
C. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
D. It ensures that modifications are not made to data by unauthorized personnel or processes.
