Labour Day Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

 
Home > ISC > ISC certification > ISSMP

ISSMP Information Systems Security Management Professional Question and Answers

Note: This exam is available on Demand only. You can Pre-Order this Exam and we will arrange this for you.

Pre-Order Your "ISSMP - Information Systems Security Management Professional" Exam

You can pre-order your "Information Systems Security Management Professional" exam to us if you are in need this urgent. Dumpsmate.com Team will prepare your Exam Questions & Answers From Real Exam within next 2 to 3 Weeks Time only.

How to Make Pre-Order You Exams:

  1. 1. Click to "Add to Cart" Button.
  2. 2. Our Expert will arrange real Exam Questions within 2 to 3 weeks especially for you.
  3. 3. You will be notified within 2 to 3 Weeks' time once your Exam is ready with all Real Questions and Possible Answers with PDF + Testing Engine format.

Why to Choose DumpsMate?

In the unlikely event if we can't make this exam available to you then you will issue a full refund! So there is no risk.

READY TO MAKE YOUR "ISSMP" PRE-ORDER?

$850

 Add To Cart
Question # 4

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

A.

NSA-IAM

B.

DITSCAP

C.

ASSET

D.

NIACAP

Full Access
Question # 5

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

A.

18 U.S.C. 1362

B.

18 U.S.C. 1030

C.

18 U.S.C. 1029

D.

18 U.S.C. 2701

E.

18 U.S.C. 2510

Full Access
Question # 6

Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

A.

Direct

B.

Circumstantial

C.

Incontrovertible

D.

Corroborating

Full Access
Question # 7

Management has asked you to perform a risk audit and report back on the results. Bonny, a project team member asks you what a risk audit is. What do you tell Bonny?

A.

A risk audit is a review of all the risks that have yet to occur and what their probability of happening are.

B.

A risk audit is a review of the effectiveness of the risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.

C.

A risk audit is a review of all the risk probability and impact for the risks, which are still present in the project but which have not yet occurred.

D.

A risk audit is an audit of all the risks that have occurred in the project and what their true impact on cost and time has been.

Full Access
Question # 8

Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?

A.

The Fair Credit Reporting Act (FCRA)

B.

The Privacy Act

C.

The Electronic Communications Privacy Act

D.

The Equal Credit Opportunity Act (ECOA)

Full Access
Question # 9

Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

A.

Data downloading from the Internet

B.

File and object access

C.

Network logons and logoffs

D.

Printer access

Full Access
Question # 10

Which of the following architecturally related vulnerabilities is a hardware or software mechanism, which was installed to permit system maintenance and to bypass the system's security protections?

A.

Maintenance hook

B.

Lack of parameter checking

C.

Time of Check to Time of Use (TOC/TOU) attack

D.

Covert channel

Full Access
Question # 11

Which of the following security models focuses on data confidentiality and controlled access to classified information?

A.

Bell-La Padula model

B.

Take-Grant model

C.

Clark-Wilson model

D.

Biba model

Full Access
Question # 12

Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due?

A.

Expected breach

B.

Actual breach

C.

Anticipatory breach

D.

Nonperforming breach

Full Access
Question # 13

You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when conducting a security awareness campaign?

A.

Target system administrators and the help desk.

B.

Provide technical details on exploits.

C.

Provide customizedmessages for different groups.

D.

Target senior managers and business process owners.

Full Access
Question # 14

You work as the project manager for Bluewell Inc. You are working on NGQQ Project for your company. You have completed the risk analysis processes for the risk events. You and the project team have created risk responses for most of the identified project risks. Which of the following risk response planning techniques will you use to shift the impact of a threat to a third party, together with the responses?

A.

Risk mitigation

B.

Risk acceptance

C.

Risk avoidance

D.

Risk transference

Full Access
Question # 15

Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party?

A.

Relational liability

B.

Engaged liability

C.

Contributory liability

D.

Vicarious liability

Full Access
Question # 16

An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

A.

Network security policy

B.

Backup policy

C.

Privacy policy

D.

User password policy

Full Access
Question # 17

Which of the following relies on a physical characteristic of the user to verify his identity?

A.

Social Engineering

B.

Kerberos v5

C.

Biometrics

D.

CHAP

Full Access
Question # 18

Which of the following rate systems of the Orange book has no security controls?

A.

D-rated

B.

C-rated

C.

E-rated

D.

A-rated

Full Access
Question # 19

Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

A.

The Configuration Manager

B.

The Supplier Manager

C.

The Service Catalogue Manager

D.

The IT Service Continuity Manager

Full Access
Question # 20

You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?

A.

Identification information for each stakeholder

B.

Assessment information of the stakeholders' major requirements, expectations, and potential influence

C.

Stakeholder classification of their role in the project

D.

Stakeholder management strategy

Full Access
Question # 21

Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?

A.

Mobile site

B.

Warm site

C.

Cold site

D.

Hot site

Full Access
Question # 22

You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had a problem with laptops being stolen. What is the most cost effective method to prevent this?

A.

Videosurveillance on all areas with computers.

B.

Use laptop locks.

C.

Appoint a security guard.

D.

Smart card access to all areas with computers.

Full Access
Question # 23

The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.

A.

Information dissemination policy

B.

Electronic monitoring statement

C.

Additional personnel security controls

D.

Incident response plan

Full Access
Question # 24

You are documenting your organization's change control procedures for project management. What portion of the change control process oversees features and functions of the product scope?

A.

Configuration management

B.

Product scope management is outside the concerns of the project.

C.

Scope changecontrol system

D.

Project integration management

Full Access
Question # 25

Which of the following is the best method to stop vulnerability attacks on a Web server?

A.

Using strong passwords

B.

Configuring a firewall

C.

Implementing the latest virus scanner

D.

Installing service packs and updates

Full Access
Question # 26

Which of the following are the levels of military data classification system? Each correct answer represents a complete solution. Choose all that apply.

A.

Sensitive

B.

Top Secret

C.

Confidential

D.

Secret

E.

Unclassified

F.

Public

Full Access
Question # 27

Which of the following needs to be documented to preserve evidences for presentation in court?

A.

Separation of duties

B.

Account lockout policy

C.

Incident response policy

D.

Chain of custody

Full Access
Question # 28

Which of the following statements best describes the consequences of the disaster recovery plan test?

A.

If no deficiencies were found during the test, then the test was probably flawed.

B.

The plan should not be changed no matter what the results of the test would be.

C.

The results of the test should be kept secret.

D.

If no deficiencies were found during the test, then the plan is probably perfect.

Full Access
Question # 29

Which of the following is the default port for Secure Shell (SSH)?

A.

UDP port 161

B.

TCP port 22

C.

UDP port 138

D.

TCP port 443

Full Access
Question # 30

Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

A.

Businesscontinuity plan

B.

Crisis communication plan

C.

Contingency plan

D.

Disaster recovery plan

Full Access
Question # 31

Which of the following is used to back up forensic evidences or data folders from the network or locally attached hard disk drives?

A.

WinHex

B.

Vedit

C.

Device Seizure

D.

FAR system

Full Access
Question # 32

Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?

A.

Spam

B.

Patent

C.

Artistic license

D.

Phishing

Full Access
Copyright myexamcollection.com. All Right Reserved.