CISSP-ISSMP Exam - Information Systems Security Management Professional

NEW QUESTION 1
Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

• A. It uses TCP port 80 as the default port.
• B. It is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site.
• C. It uses TCP port 443 as the default port.
• D. It is a protocol used to provide security for a database server in an internal networ

Answer: BC

NEW QUESTION 2
Fill in the blank with an appropriate phrase. is used to provide security mechanisms for the storage, processing, and transfer of data.

• A. Data classification

Answer: A

NEW QUESTION 3
You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

• A. Implement separation of duties.
• B. Implement RBAC.
• C. Implement three way authentication.
• D. Implement least privilege

Answer: A

NEW QUESTION 4
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

• A. Data diddling
• B. Wiretapping
• C. Eavesdropping
• D. Spoofing

Answer: A

NEW QUESTION 5
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

• A. Earned value management
• B. Risk audit
• C. Technical performance measurement
• D. Correctiveaction

Answer: D

NEW QUESTION 6
Which of the following SDLC phases consists of the given security controls. Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases Generation

• A. Design
• B. Maintenance
• C. Deployment
• D. Requirements Gathering

Answer: A

NEW QUESTION 7
Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.

• A. Ifyou don't know the threat, how do you know what to protect?
• B. If you don't know what to protect, how do you know you are protecting it?
• C. If you are not protecting it (the critical and sensitive information), the adversary wins!
• D. If you don't knowabout your security resources you cannot protect your networ

Answer: ABC

NEW QUESTION 8
You work as a Product manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to efficiently manage the procedures of the project. What will be the benefits of employing configuration management for completing this project? Each correct answer represents a complete solution. Choose all that apply.

• A. It provides object, orient, decide and act strategy.
• B. It provides a live documentation of the project.
• C. It provides the risk analysis of project configurations.
• D. It provides the versions for network device

Answer: BD

NEW QUESTION 9
Which of the following anti-child pornography organizations helps local communities to create programs and develop strategies to investigate child exploitation?

• A. Internet Crimes Against Children (ICAC)
• B. Project Safe Childhood (PSC)
• C. Anti-Child Porn.org
• D. Innocent Images National Imitative (IINI)

Answer: B

NEW QUESTION 10
Which of the following methods for identifying appropriate BIA interviewees' includes examining the organizational chart of the enterprise to understand the functional positions?

• A. Organizational chart reviews
• B. Executive management interviews
• C. Overlaying system technology
• D. Organizational process models

Answer: A

NEW QUESTION 11
Which of the following statements is related with the first law of OPSEC?

• A. If you are not protecting it (the critical and sensitive information), the adversary wins!
• B. If you don't know what to protect, how do you know you are protecting it?
• C. If you don't know about your security resources you could not protect your network.
• D. If you don't know the threat, how do you know what toprotect?

Answer: D

NEW QUESTION 12
Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

• A. It ensures that unauthorized modifications are not made to data by authorized personnel orprocesses.
• B. It determines the actions and behaviors of a single individual within a system
• C. It ensures that modifications are not made to data by unauthorized personnel or processes.
• D. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.

Answer: ACD

NEW QUESTION 13
Sarah has created a site on which she publishes a copyrighted material. She is ignorant that she is infringing copyright. Is she guilty under copyright laws?

• A. No
• B. Yes

Answer: B

NEW QUESTION 14
An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

• A. Network security policy
• B. Backup policy
• C. Privacy policy
• D. User password policy

Answer: C

NEW QUESTION 15
Which of the following security models deal only with integrity? Each correct answer represents a complete solution. Choose two.

• A. Biba-Wilson
• B. Clark-Wilson
• C. Bell-LaPadula
• D. Biba

Answer: BD

NEW QUESTION 16
Which of the following is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems?

• A. IDS
• B. OPSEC
• C. HIDS
• D. NIDS

Answer: B

NEW QUESTION 17
Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?

• A. Disaster Recovery Plan
• B. Continuity of Operations Plan
• C. Contingency Plan
• D. Business Continuity Plan

Answer: D

NEW QUESTION 18
Which of the following are the levels of public or commercial data classification system? Each correct answer represents a complete solution. Choose all that apply.

• A. Secret
• B. Sensitive
• C. Unclassified
• D. Private
• E. Confidential
• F. Public

Answer: BDEF

NEW QUESTION 19
Which of the following options is an approach to restricting system access to authorized users?

• A. DAC
• B. MIC
• C. RBAC
• D. MAC

Answer: C

NEW QUESTION 20
Which of the following statements is true about auditing?

• A. It is used to protect the network against virus attacks.
• B. It is used to track user accounts for file and object access, logon attempts, etc.
• C. It is used to secure the network or the computers on the network.
• D. It is used to prevent unauthorized access to network resource

Answer: B

NEW QUESTION 21
Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.

• A. Clark-Biba model
• B. Clark-Wilson model
• C. Bell-LaPadula model
• D. Biba model

Answer: BD

NEW QUESTION 22
Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but
management wants you to do more. They'd like for you to create some type of a chart that identified the risk
probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

• A. Quantitative analysis
• B. Contingency reserve
• C. Risk response
• D. Risk response plan

Answer: B

NEW QUESTION 23
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

• A. Business continuity plan
• B. Disaster recovery plan
• C. Continuity of Operations Plan
• D. Contingency plan

Answer: D

NEW QUESTION 24
Which of the following access control models uses a predefined set of access privileges for an object of a system?

• A. Role-Based Access Control
• B. Mandatory Access Control
• C. Policy Access Control
• D. Discretionary Access Control

Answer: B

NEW QUESTION 25
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

• A. SSAA
• B. FITSAF
• C. FIPS
• D. TCSEC

Answer: A

NEW QUESTION 26
In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?

• A. Role-Based Access Control
• B. Discretionary Access Control
• C. Task-based Access Control
• D. Mandatory Access Control

Answer: B

NEW QUESTION 27
You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when
conducting a security awareness campaign?

• A. Target system administrators and the help desk.
• B. Provide technical details on exploits.
• C. Provide customizedmessages for different groups.
• D. Target senior managers and business process owner

Answer: C

NEW QUESTION 28
James works as a security manager for SoftTech Inc. He has been working on the continuous process improvement and on the ordinal scale for measuring the maturity of the organization involved in the software processes. According to James, which of the following maturity levels of software CMM focuses on the continuous process improvement?

• A. Repeatable level
• B. Defined level
• C. Initiating level
• D. Optimizing level

Answer: D

NEW QUESTION 29
......