Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors
Note! The CISSP-ISSMP Exam is no longer available.

CISSP-ISSMP ISSMP®: Information Systems Security Management Professional Questions and Answers

Questions 4

You work as a security manager for SoftTech Inc. You along with your team are doing the disaster recovery for your project. Which of the following steps are performed by you for secure recovery based on the extent of the disaster and the organization's recovery ability? Each correct answer represents a part of the solution. Choose three.

Options:

A.

Recover to an alternate site for critical functions

B.

Restore full system at an alternate operating site

C.

Restore full system after a catastrophic loss

D.

Recover at the primary operating site

Buy Now
Questions 5

Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

Options:

A.

Project contractual relationship with the vendor

B.

Project management plan

C.

Project communications plan

D.

Project scope statement

Buy Now
Questions 6

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

Options:

A.

Operational audit

B.

Dependent audit

C.

Non-operational audit

D.

Independent audit

Buy Now
Questions 7

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

Options:

A.

Availability

B.

Confidentiality

C.

Integrity

D.

Authenticity

Buy Now
Questions 8

Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Provide diligent and competent service to principals.

B.

Protect society, the commonwealth, and the infrastructure.

C.

Give guidance for resolving good versus good and bad versus bad dilemmas.

D.

Act honorably, honestly, justly, responsibly, and legally.

Buy Now
Questions 9

You are the project manager of the GHE Project. You have identified the following risks with the characteristics as shown in the following figure:

CISSP-ISSMP Question 9

How much capital should the project set aside for the risk contingency reserve?

Options:

A.

$142,000

B.

$232,000

C.

$41,750

D.

$23,750

Buy Now
Questions 10

Which of the following protocols are used to provide secure communication between a client and a server over the Internet? Each correct answer represents a part of the solution. Choose two.

Options:

A.

TLS

B.

HTTP

C.

SNMP

D.

SSL

Buy Now
Questions 11

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Options:

A.

Risk mitigation

B.

Risk transfer

C.

Risk acceptance

D.

Risk avoidance

Buy Now
Questions 12

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

Options:

A.

Implement separation of duties.

B.

Implement RBAC.

C.

Implement three way authentication.

D.

Implement least privileges.

Buy Now
Questions 13

Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Editor

B.

Custodian

C.

Owner

D.

Security auditor

E.

User

Buy Now
Questions 14

Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

Options:

A.

Monitor and Control Risks

B.

Identify Risks

C.

Perform Qualitative Risk Analysis

D.

Perform Quantitative Risk Analysis

Buy Now
Questions 15

Which of the following measurements of an enterprise's security state is the process whereby an organization establishes the parameters within which programs, investments, and acquisitions reach the desired results?

Options:

A.

Information sharing

B.

Ethics

C.

Performance measurement

D.

Risk management

Buy Now
Questions 16

Which of the following is a process of monitoring data packets that travel across a network?

Options:

A.

Password guessing

B.

Packet sniffing

C.

Shielding

D.

Packet filtering

Buy Now
Questions 17

Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?

Options:

A.

Code Security law

B.

Trademark laws

C.

Copyright laws

D.

Patent laws

Buy Now
Questions 18

Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

Options:

A.

Social engineering

B.

Smurf

C.

Denial-of-Service

D.

Man-in-the-middle

Buy Now
Questions 19

A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

Options:

A.

Copyright law

B.

Trademark law

C.

Privacy law

D.

Security law

Buy Now
Questions 20

Which of the following SDLC phases consists of the given security controls. Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases Generation

Options:

A.

Design

B.

Maintenance

C.

Deployment

D.

Requirements Gathering

Buy Now
Questions 21

Which of the following security issues does the Bell-La Padula model focus on?

Options:

A.

Authentication

B.

Confidentiality

C.

Integrity

D.

Authorization

Buy Now
Questions 22

Rachael is the project manager for a large project in her organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they've already completed the project work they were contracted to do. What can Rachael do in this instance?

Options:

A.

Threaten to sue the vendor if they don't complete the work.

B.

Fire the vendor for failing to complete the contractual obligation.

C.

Withhold the vendor's payments for the work they've completed.

D.

Refer to the contract agreement for direction.

Buy Now
Questions 23

Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?

Options:

A.

Emergency-management team

B.

Damage-assessment team

C.

Off-site storage team

D.

Emergency action team

Buy Now
Questions 24

Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

Options:

A.

Administrative

B.

Automatic

C.

Physical

D.

Technical

Buy Now
Questions 25

Which of the following is a documentation of guidelines that are used to create archival copies of important data?

Options:

A.

User policy

B.

Security policy

C.

Audit policy

D.

Backup policy

Buy Now
Questions 26

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

Options:

A.

Risk register

B.

Risk management plan

C.

Quality management plan

D.

Project charter

Buy Now
Questions 27

Which of the following options is an approach to restricting system access to authorized users?

Options:

A.

DAC

B.

MIC

C.

RBAC

D.

MAC

Buy Now
Questions 28

Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

Options:

A.

Disaster Recovery Plan

B.

Contingency Plan

C.

Continuity Of Operations Plan

D.

Business Continuity Plan

Buy Now
Questions 29

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

Options:

A.

Data diddling

B.

Wiretapping

C.

Eavesdropping

D.

Spoofing

Buy Now
Questions 30

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

Options:

A.

NSA-IAM

B.

DITSCAP

C.

ASSET

D.

NIACAP

Buy Now
Questions 31

Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.

Options:

A.

Ifyou don't know the threat, how do you know what to protect?

B.

If you don't know what to protect, how do you know you are protecting it?

C.

If you are not protecting it (the critical and sensitive information), the adversary wins!

D.

If you don't knowabout your security resources you cannot protect your network.

Buy Now
Questions 32

What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Maintain and Monitor

B.

Organization Vulnerability

C.

Define Policy

D.

Baseline the Environment

Buy Now
Exam Code: CISSP-ISSMP
Exam Name: ISSMP®: Information Systems Security Management Professional
Last Update: Nov 27, 2023
Questions: 218
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 21 Nov 2024