
CISSP-ISSMP Questions and Answers

Note: The CISSP-ISSMP exam is now retired. Please select the alternative replacement for your exam certification.

Question # 6

You are the project manager for the TTX project. You have to procure some electronic gadgets for the project. A relative of yours is in the retail business of those gadgets. He approaches you for a favor to get the order. This is a situation of ____.

A. Conflict of interest
B. Bribery
C. Illegal practice
D. Irresponsible practice

Question # 7

Which of the following authentication protocols provides support for a wide range of authentication methods, such as smart cards and certificates?

A. PAP
B. EAP
C. MS-CHAP v2
D. CHAP

Question # 8

Which of the following rated systems of the Orange book has mandatory protection of the TCB?

A. B-rated
B. C-rated
C. D-rated
D. A-rated

Question # 9

How many change control systems are there in project management?

A. 3
B. 4
C. 2
D. 1

Question # 10

You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What is this called?

A. Availability
B. Encryption
C. Integrity
D. Confidentiality

Question # 11

Mark is the project manager of the NHQ project in Spartech Inc. The project has an asset valued at $195,000 and is subjected to an exposure factor of 35 percent. What will be the Single Loss Expectancy of the project?

A. $92,600
B. $67,250
C. $68,250
D. $72,650

Question # 12

Which of the following is used to back up forensic evidence or data folders from the network or locally attached hard disk drives?

A. WinHex
B. Vedit
C. Device Seizure
D. FAR system

Question # 13

Tomas is the project manager of the QWS Project and is worried that the project stakeholders will want to change the project scope frequently. His fear is based on the many open issues in the project and how the resolution of the issues may lead to additional project changes. On what document are Tomas and the stakeholders working in this scenario?

A. Communications management plan
B. Change management plan
C. Issue log
D. Risk management plan

Question # 14

Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

A. Administrative
B. Automatic
C. Physical
D. Technical

Question # 15

Which of the following access control models uses a predefined set of access privileges for an object of a system?

A. Role-Based Access Control
B. Mandatory Access Control
C. Policy Access Control
D. Discretionary Access Control

Question # 16

Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party?

A. Relational liability
B. Engaged liability
C. Contributory liability
D. Vicarious liability

Question # 17

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

A. Assuring the integrity of organizational data
B. Building risk-free systems
C. Risk control
D. Risk identification

Question # 18

Which of the following statements best describes the consequences of the disaster recovery plan test?

A. If no deficiencies were found during the test, then the test was probably flawed.
B. The plan should not be changed no matter what the results of the test would be.
C. The results of the test should be kept secret.
D. If no deficiencies were found during the test, then the plan is probably perfect.

Question # 19

Which of the following contract types is described in the statement below? "This contract type provides no incentive for the contractor to control costs and hence is rarely utilized."

A. Cost Plus Fixed Fee
B. Cost Plus Percentage of Cost
C. Cost Plus Incentive Fee
D. Cost Plus Award Fee

Question # 20

Which of the following sites are similar to the hot site facilities, with the exception that they are completely dedicated, self-developed recovery facilities?

A. Cold sites
B. Orange sites
C. Warm sites
D. Duplicate processing facilities

Question # 21

Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.

A. They can be analyzed and measured by the risk analysis process.
B. They can be removed completely by taking proper actions.
C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
D. They are considered an indicator of threats coupled with vulnerability.

Question # 22

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

A. Risk register
B. Risk management plan
C. Quality management plan
D. Project charter

Question # 23

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

A. Operational audit
B. Dependent audit
C. Non-operational audit
D. Independent audit

Question # 24

John works as a security manager for Soft Tech Inc. He is working with his team on the disaster recovery management plan. One of his team members has a question about the most cost-effective DRP testing plan. According to you, which of the following disaster recovery testing plans is the most cost-effective and efficient way to identify areas of overlap in the plan before conducting more demanding training exercises?

A. Full-scale exercise
B. Walk-through drill
C. Evacuation drill
D. Structured walk-through test

Question # 25

Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

A. Disaster Recovery Plan
B. Contingency Plan
C. Continuity Of Operations Plan
D. Business Continuity Plan

Question # 26

Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

A. Business continuity plan
B. Crisis communication plan
C. Contingency plan
D. Disaster recovery plan

Question # 27

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

A. Risk mitigation
B. Risk transfer
C. Risk acceptance
D. Risk avoidance

Question # 28

You work as a Product manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to efficiently manage the procedures of the project. What will be the benefits of employing configuration management for completing this project? Each correct answer represents a complete solution. Choose all that apply.

A. It provides object, orient, decide and act strategy.
B. It provides a live documentation of the project.
C. It provides the risk analysis of project configurations.
D. It provides the versions for network devices.

Question # 29

You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

A. Mitigation
B. Sharing
C. Acceptance
D. Transference

Question # 30

Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below: System and data are validated. System meets all user requirements. System meets all control requirements.

A. Programming and training
B. Evaluation and acceptance
C. Definition
D. Initiation

Question # 31

Electronic communication technology refers to technology devices, such as computers and cell phones, used to facilitate communication. Which of the following is/are a type of electronic communication? Each correct answer represents a complete solution. Choose all that apply.

A. Internet telephony
B. Instant messaging
C. Electronic mail
D. Post-it note
E. Blogs
F. Internet teleconferencing

Question # 32

What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.

A. Troubleshooting
B. Investigation
C. Upgradation
D. Backup
