
ISSMP Information Systems Security Management Professional Questions and Answers

Question 4

Which of the following types of cyber stalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for this purpose?

Options:

A. Encouraging others to harass the victim
B. False accusations
C. Attempts to gather information about the victim
D. False victimization

Question 5

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

Options:

A. Implement separation of duties.
B. Implement RBAC.
C. Implement three way authentication.
D. Implement least privileges.

Question 6

Which of the following is a process of monitoring data packets that travel across a network?

Options:

A. Password guessing
B. Packet sniffing
C. Shielding
D. Packet filtering

Question 7

Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Vulnerability Assessment and Penetration Testing
B. Security Certification and Accreditation (C&A)
C. Change and Configuration Control
D. Risk Adjustments

Question 8

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Options:

A. Disaster recovery plan
B. Contingency plan
C. Continuity of Operations Plan
D. Business continuity plan

Question 9

Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It performs vulnerability/threat analysis assessment.
B. It identifies and generates IA requirements.
C. It provides data needed to accurately assess IA readiness.
D. It provides for entry and storage of individual system data.

Question 10

Which of the following security models dictates that subjects can only access objects through applications?

Options:

A. Biba-Clark model
B. Bell-LaPadula
C. Clark-Wilson
D. Biba model

Question 11

In which of the following SDLC phases are the system's security features configured and enabled, the system tested and installed or fielded, and the system authorized for processing?

Options:

A. Initiation Phase
B. Development/Acquisition Phase
C. Implementation Phase
D. Operation/Maintenance Phase

Question 12

Which of the following statements best explains how encryption works on the Internet?

Options:

A. Encryption encodes information using specific algorithms with a string of numbers known as a key.
B. Encryption validates a username and password before sending information to the Web server.
C. Encryption allows authorized users to access Web sites that offer online shopping.
D. Encryption helps in transaction processing by e-commerce servers on the Internet.

Question 13

You are the Network Administrator for a software company. Due to the nature of your company's business, you have a significant number of highly computer-savvy users. However, you have still decided to limit each user's access to only those resources required for their job, rather than give wider access to the technical users (such as tech support and software engineering personnel). What is this an example of?

Options:

A. The principle of maximum control.
B. The principle of least privileges.
C. Proper use of an ACL.
D. Poor resource management.

Question 14

What is a stakeholder analysis chart?

Options:

A. It is a matrix that documents stakeholders' threats, perceived threats, and communication needs.
B. It is a matrix that identifies all of the stakeholders and to whom they must report.
C. It is a matrix that documents the stakeholders' requirements, when the requirements were created, and when the fulfillment of the requirements took place.
D. It is a matrix that identifies who must communicate with whom.

Question 15

Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

Options:

A. Administrative
B. Automatic
C. Physical
D. Technical

Question 16

Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?

Options:

A. Take-Grant Protection Model
B. Bell-LaPadula Model
C. Biba Integrity Model
D. Access Matrix

Question 17

Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?

Options:

A. Spam
B. Patent
C. Artistic license
D. Phishing

Question 18

Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?

Options:

A. Disaster Recovery Plan
B. Continuity of Operations Plan
C. Contingency Plan
D. Business Continuity Plan

Question 19

Which of the following are the levels of a public or commercial data classification system? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Secret
B. Sensitive
C. Unclassified
D. Private
E. Confidential
F. Public

Question 20

How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?

Options:

A. Single Loss Expectancy (SLE) / Exposure Factor (EF)
B. Asset Value x Exposure Factor (EF)
C. Exposure Factor (EF) / Single Loss Expectancy (SLE)
D. Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO)

Question 21

Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party?

Options:

A. Relational liability
B. Engaged liability
C. Contributory liability
D. Vicarious liability

Question 22

Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?

Options:

A. Malicious Communications Act (1998)
B. Anti-Cyber-Stalking law (1999)
C. Stalking Amendment Act (1999)
D. Stalking by Electronic Communications Act (2001)

Question 23

Which of the following relies on a physical characteristic of the user to verify his identity?

Options:

A. Social Engineering
B. Kerberos v5
C. Biometrics
D. CHAP

Question 24

The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes. Which of the following are Change Management terminologies? Each correct answer represents a part of the solution. Choose three.

Options:

A. Request for Change
B. Service Request Management
C. Change
D. Forward Schedule of Changes

Question 25

In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?

Options:

A. Role-Based Access Control
B. Discretionary Access Control
C. Task-based Access Control
D. Mandatory Access Control

Question 26

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

Options:

A. Configuration Verification and Auditing
B. Configuration Item Costing
C. Configuration Identification
D. Configuration Status Accounting

Question 27

You work as a Forensic Investigator. Which of the following rules will you follow while working on a case? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Prepare a chain of custody and handle the evidence carefully.
B. Examine original evidence and never rely on the duplicate evidence.
C. Never exceed the knowledge base of the forensic investigation.
D. Follow the rules of evidence and never tamper with the evidence.

Question 28

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

Options:

A. SSAA
B. FITSAF
C. FIPS
D. TCSEC

Question 29

You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer?

Options:

A. Cost plus incentive fee
B. Fixed fee
C. Cost plus percentage of costs
D. Time and materials

Question 30

John is a black hat hacker. The FBI arrested him while he was performing some email scams. Under which of the following US laws will John be charged?

Options:

A. 18 U.S.C. 1362
B. 18 U.S.C. 1030
C. 18 U.S.C. 2701
D. 18 U.S.C. 2510

Question 31

What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.

Options:

A. Troubleshooting
B. Investigation
C. Upgradation
D. Backup

Question 32

Which of the following steps are generally followed in computer forensic examinations? Each correct answer represents a complete solution. Choose three.

Options:

A. Acquire
B. Analyze
C. Authenticate
D. Encrypt

Exam Code: ISSMP
Exam Name: Information Systems Security Management Professional
Last Update: Nov 24, 2024