CISSP-ISSMP Practice Questions
223 real CISSP-ISSMP exam questions with expert-verified answers and explanations. Page 1 of 5.
- Question #1Security Operations Management
Which of the following subphases are defined in the maintenance phase of the life cycle models?
Maintenance PhaseChange ControlRelease ControlRequest Control - Question #2Foundational Security Concepts
Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?
Non-repudiationSecurity principlesInformation security concepts - Question #3Security Leadership and Management
Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that appl...
DIAPInformation Readiness AssessmentInformation AssuranceVulnerability Analysis - Question #4Security Leadership and Management
Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the...
Intellectual PropertyPatent LawSoftware ProtectionLegal Frameworks - Question #5Security Operations Management
Which of the following is the best method to stop vulnerability attacks on a Web server?
Vulnerability ManagementPatch ManagementWeb Server SecuritySystem Hardening - Question #6Security Leadership and Management
Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?
Capability Maturity Model (CMM)Software Process ImprovementMaturity ModelsProcess Management - Question #7Security Operations Management
Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?
BCP TeamsEmergency ResponseDisaster RecoveryCrisis Management - Question #8Foundational Security Concepts
Which of the following security models dictates that subjects can only access objects through applications?
Security ModelsClark-Wilson ModelIntegrity ModelsAccess Control - Question #9Foundational Security Concepts
Which of the following relies on a physical characteristic of the user to verify his identity?
BiometricsAuthenticationIdentity Verification - Question #10Security Audit Management
Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.
Security AuditingEvent LoggingAccess Control Monitoring - Question #11Security Audit Management
You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly. What type of security...
Security AuditsIndependent AuditsAudit Types - Question #12Foundational Security Concepts
Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems?
Legal and Regulatory ComplianceComputer Crime LawsMalicious CodeComputer Fraud and Abuse Act (CFAA) - Question #13Security Operations Management
Drag and drop the Response management plans to match up with their respective purposes. Answer:
Response management plansIncident responseDisaster recoveryBusiness continuity - Question #14Security Program Development
Fill in the blank with an appropriate phrase.________ models address specifications, requirements, and design, verification and validation, and maintenance activities. Answer: Life...
Life cycle modelsSystem development life cycleProject managementSecurity program development - Question #15Security Leadership and Management
You are the project manager of the GHE Project. You have identified the following risks with the characteristics as shown in the following figure: How much capital should the proje...
Risk ManagementContingency ReserveQuantitative Risk AnalysisProject Risk Management - Question #16Security Operations Management
Which of the following statements about system hardening are true? Each correct answer represents a complete solution. Choose two.
System HardeningPatch ManagementOperating System SecurityVulnerability Management - Question #17Security Leadership and Management
Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.
Data rolesInformation classificationData governance - Question #18Security Leadership and Management
Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, i...
Risk ManagementRisk MonitoringRisk ControlProject Management - Question #19Security Leadership and Management
Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts...
Risk ManagementProject Management PlanRisk Response PlanningProject Updates - Question #20Security Leadership and Management
You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should...
Risk ManagementProject ManagementRisk RegisterRisk Response Planning - Question #21Security Leadership and Management
Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all...
Secure SDLCDeployment SecuritySecurity ControlsRisk Management - Question #22Security Leadership and Management
Which of the following can be prevented by an organization using job rotation and separation of duties policies?
Job rotationSeparation of dutiesInsider threat mitigationCollusion prevention - Question #23Foundational Security Concepts
Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.
Risk ManagementRisk AnalysisRisk MitigationSecurity Concepts - Question #24Security Operations Management
Which of the following types of evidence is considered as the best evidence?
Evidence typesBest evidence ruleLegal aspectsInvestigations - Question #25Security Audit Management
What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.
Audit logsSystem loggingIncident investigationTroubleshooting - Question #26Security Leadership and Management
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
System AccreditationDoD SecurityInformation Security DocumentsAuthorization Processes - Question #27Security Leadership and Management
Which of the following analysis provides a foundation for measuring investment of time, money and human resources required to achieve a particular outcome?
Gap analysisResource planningStrategic planningInvestment measurement - Question #28Security Leadership and Management
A contract cannot have provisions for which one of the following?
Contract lawLegal and regulatory complianceContractual agreementsSecurity governance - Question #29Security Leadership and Management
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacki...
Risk ManagementRisk TransferInsuranceCybersecurity Risks - Question #30Security Leadership and Management
You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. One of the employees of your organization asks you the purpose...
Security AwarenessSecurity TrainingProgram ObjectivesEmployee Security - Question #31Foundational Security Concepts
You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What...
ConfidentialityCIA TriadInformation Security Principles - Question #32Security Leadership and Management
What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?
Configuration ManagementChange ManagementProject ScopeSystem Management - Question #33Foundational Security Concepts
Electronic communication technology refers to technology devices, such as computers and cell phones, used to facilitate communication. Which of the following is/are a type of elect...
Electronic CommunicationCommunication TechnologiesCollaboration ToolsInternet Services - Question #34Security Leadership and Management
You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agr...
Risk ManagementRisk Response StrategiesTeaming AgreementsProject Risk - Question #35Security Leadership and Management
Which of the following acts is a specialized privacy bill that affects any educational institution to accept any form of funding from the federal government?
Privacy lawsRegulatory complianceData protectionEducational institutions - Question #36Security Program Development
Which of the following steps is the initial step in developing an information security strategy?
Information Security StrategyStrategic PlanningBusiness AlignmentProgram Development Lifecycle - Question #37Foundational Security Concepts
Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.
Information IntegrityCIA TriadSecurity PrinciplesData Security - Question #38Security Leadership and Management
Which of the following contract types is described in the statement below? "This contract type provides no incentive for the contractor to control costs and hence is rarely utilize...
Contract TypesCost Plus ContractsProcurement ManagementVendor Management - Question #39Security Leadership and Management
Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants...
RFIProcurementVendor ManagementProgram Management - Question #40Foundational Security Concepts
Against which of the following does SSH provide protection? Each correct answer represents a complete solution. Choose two.
SSHEncryptionNetwork SecurityAuthentication - Question #41Security Leadership and Management
What is a stakeholder analysis chart?
Stakeholder AnalysisRisk ManagementSecurity ManagementCommunication Planning - Question #42Security Leadership and Management
Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?
Business Continuity PlanningOrganizational ResilienceStrategic PlanningDisaster Recovery - Question #43Security Leadership and Management
You are a project manager of a large construction project. Within the project you are working with several vendors to complete different phases of the construction. Your client has...
Change ManagementVendor ManagementContract ManagementProcurement - Question #44Security Leadership and Management
Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?
Supplier ManagementContract ManagementRisk AnalysisRoles and Responsibilities - Question #45Security Leadership and Management
In which of the following SDLC phases is the system's security features configured and enabled, the system is tested and installed or fielded, and the system is authorized for proc...
SDLCSystem ImplementationSecurity ConfigurationAuthorization to Operate (ATO) - Question #46Security Leadership and Management
Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?
Cybercrime LawAustralian LegislationLegal ComplianceCyberstalking - Question #47Security Leadership and Management
Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing...
Incident Response TeamsInformation SharingSecurity CooperationFIRST - Question #48Security Leadership and Management
Which of the following statements is related with the first law of OPSEC?
OPSECThreat IdentificationInformation Protection - Question #49Security Operations Management
Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. Who decides the category of a change?
Change ManagementIT Service Management (ITSM)Roles and ResponsibilitiesChange Manager - Question #50Security Operations Management
Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?
Evidence typesCircumstantial evidenceIncident investigation