CISSP-ISSMP Practice Questions
223 real CISSP-ISSMP exam questions with expert-verified answers and explanations. Page 2 of 5.
- Question #51 (Security Leadership and Management)
  Which of the following Acts enacted in the United States amends the Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniori...
  Tags: US Laws, Legal Compliance, Civil Rights Act, Regulatory Frameworks
- Question #52 (Security Program Development)
  Which of the following policies helps reduce the potential damage from the actions of one person?
  Tags: Separation of Duties, Preventative Controls, Internal Controls, Fraud Prevention
- Question #53 (Security Operations Management)
  The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes. Which of the following are Change Management ter...
  Tags: Change Management, ITIL, Security Operations, IT Service Management
- Question #54 (Security Operations Management)
  Which of the following is the correct order of the digital investigations Standard Operating Procedure (SOP)?
  Tags: Digital Forensics, Incident Response, SOP
- Question #55 (Security Leadership and Management)
  Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agre...
  Tags: Security Roles, CIA Triad, SLA Compliance, Security Management
- Question #56 (Security Leadership and Management)
  James works as a security manager for SoftTech Inc. He has been working on the continuous process improvement and on the ordinal scale for measuring the maturity of the organizatio...
  Tags: CMM, Process Improvement, Organizational Maturity, Software Process Maturity
- Question #57 (Security Leadership and Management)
  Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
  Tags: Intellectual Property, Patents, Legal Frameworks, Asset Protection
- Question #58 (Security Program Development)
  You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district, they will need to be able to work from an alternate l...
  Tags: Disaster Recovery, Business Continuity, Alternate Sites, Budget Management
- Question #59 (Foundational Security Concepts)
  Which of the following is a process of monitoring data packets that travel across a network?
  Tags: Packet sniffing, Network monitoring, Network security
- Question #60 (Security Program Development)
  Policies are considered the first and highest level of documentation, from which the lower-level elements of standards, procedures, and guidelines flow. Drag and drop each policy s...
  Tags: Security Policies, Documentation Hierarchy, Security Governance, Program Structure
- Question #61 (Security Program Development)
  Mark works as a security manager for SoftTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and p...
  Tags: Disaster Recovery, Business Continuity, Alternate Sites, Warm Site
- Question #62 (Security Leadership and Management)
  You are documenting your organization's change control procedures for project management. What portion of the change control process oversees features and functions of the product...
  Tags: Configuration Management, Change Control, Project Management, Product Scope
- Question #63 (Security Leadership and Management)
  Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?
  Tags: Intellectual Property, Patents, Legal Protection, Asset Protection
- Question #64 (Security Leadership and Management)
  Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
  Tags: Risk Management Process, Risk Identification, Risk Control, Security Management
- Question #65 (Security Leadership and Management)
  Which of the following statements best describes the consequences of the disaster recovery plan test?
  Tags: Disaster Recovery Planning (DRP), DRP Testing, Continuous Improvement, Test Effectiveness
- Question #66 (Foundational Security Concepts)
  Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?
  Tags: L2TP, Network Ports, UDP, VPN Protocols
- Question #67 (Security Leadership and Management)
  Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.
  Tags: (ISC)2 Code of Ethics, Ethical Canons, Professional Conduct, Information Security Ethics
- Question #68 (Security Operations Management)
  Which of the following issues are addressed by the change control phase in the maintenance phase of the life cycle models? Each correct answer represents a complete solution. Choos...
  Tags: Change Management, System Development Life Cycle (SDLC), Maintenance, Quality Control
- Question #69 (Security Leadership and Management)
  Which of the following statements about the Due Care policy is true?
  Tags: Due Care, Information Security Policy, Information Classification, Security Management
- Question #70 (Security Program Development)
  Andy works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on t...
  Tags: Business Impact Analysis (BIA), Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), Risk Management
- Question #71 (Security Leadership and Management)
  Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration managem...
  Tags: Configuration Management, Change Management, Project Management Processes, Security Management
- Question #72 (Security Program Development)
  What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Vulnerability Management, Security Program Development, Policy Definition, Environmental Baselines
- Question #73 (Security Operations Management)
  Which of the following is a documentation of guidelines that are used to create archival copies of important data?
  Tags: Backup Policy, Data Archiving, Data Protection, Security Documentation
- Question #74 (Security Leadership and Management)
  Which of the following deals is a binding agreement between two or more persons that is enforceable by law?
  Tags: Contracts, Legal agreements, Business law
- Question #75 (Security Leadership and Management)
  Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
  Tags: Risk Management, Quantitative Risk Analysis, Annualized Rate of Occurrence (ARO), Threat Frequency
- Question #76 (Security Leadership and Management)
  Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?
  Tags: Non-Disclosure Agreement, Legal Agreements, Confidentiality, Information Protection
- Question #77 (Security Program Development)
  Which of the following sections come under the ISO/IEC 27002 standard?
  Tags: ISO 27002, Information Security Controls, Information Security Management System (ISMS), Risk Management
- Question #78 (Security Leadership and Management)
  Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?
  Tags: U.S. Federal Laws, Computer Crime, Telecommunications, Legal Compliance
- Question #79 (Foundational Security Concepts)
  Which of the following access control models uses a predefined set of access privileges for an object of a system?
  Tags: Access Control Models, Mandatory Access Control, Security Principles
- Question #80 (Foundational Security Concepts)
  Which of the following statements about the availability concept of Information security management is true?
  Tags: Availability, CIA Triad, Information Security Concepts, Security Management
- Question #81 (Security Operations Management)
  Which of the following is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems?
  Tags: Operations Security, Information Protection, Adversary Intelligence, Critical Information
- Question #82 (Foundational Security Concepts)
  Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials...
  Tags: Access Control, Administrative Controls, Need to Know, Information Classification
- Question #83 (Security Operations Management)
  Which of the following processes will you use to perform the active analysis of the system for any potential vulnerabilities that may result from poor or improper system config...
  Tags: Penetration Testing, Vulnerability Assessment, Security Testing, Security Operations
- Question #84 (Foundational Security Concepts)
  Which of the following are the levels of the military data classification system? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Data Classification, Military Classification, Government Data, Information Security
- Question #85 (Security Operations Management)
  Which of the following tools works by using a standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?
  Tags: Forensic Tools, Digital Forensics, Hashing, Disk Imaging
- Question #86 (Security Operations Management)
  Which of the following needs to be documented to preserve evidence for presentation in court?
  Tags: Chain of custody, Evidence preservation, Digital forensics, Legal admissibility
- Question #87 (Foundational Security Concepts)
  Which of the following statements best explains how encryption works on the Internet?
  Tags: Encryption, Cryptography Basics, Security Mechanisms
- Question #88 (Security Leadership and Management)
  Which of the following statutes enacted in the U.S. prohibits creditors from collecting data from applicants, such as national origin, caste, religion, etc.?
  Tags: Equal Credit Opportunity Act, Credit Discrimination, Regulatory Compliance, Non-Discrimination Laws
- Question #89 (Foundational Security Concepts)
  Which of the following security models deal only with integrity? Each correct answer represents a complete solution. Choose two.
  Tags: Security Models, Integrity Models, Biba, Clark-Wilson
- Question #90 (Security Leadership and Management)
  Rick is the project manager for the TTM project. He is in the process of procuring services from vendors. He makes a contract with a vendor in which he precisely specifies the services t...
  Tags: Contract types, Procurement, Project management, Firm Fixed Price
- Question #91 (Security Operations Management)
  You are an Incident manager at Orangesect Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires differen...
  Tags: Incident Management, Incident Response Preparation, Network Security Policy, Security Operations
- Question #92 (Foundational Security Concepts)
  Which of the following security models focuses on data confidentiality and controlled access to classified information?
  Tags: Security Models, Confidentiality, Bell-La Padula Model, Access Control
- Question #93 (Security Operations Management)
  Fill in the blank with the appropriate phrase. ____________ is the ability to record and report on the configuration baselines associated with each configuration item at any moment...
  Tags: Configuration Management, Configuration Status Accounting, Baselines, Reporting
- Question #94 (Security Operations Management)
  Fill in the blank with an appropriate phrase. ___________ is the process of using a strategy and plan of what patches should be applied to which systems at a specified time. Answer:...
  Tags: Patch management, Vulnerability management, System maintenance, Security operations
- Question #95 (Security Operations Management)
  Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency,...
  Tags: Contingency Planning, Recovery Plans, Business Continuity, Disaster Recovery
- Question #96 (Security Leadership and Management)
  Which of the following BCP teams handles financial arrangements, public relations, and media inquiries in the time of disaster recovery?
  Tags: BCP Teams, Emergency Management, Disaster Recovery, Crisis Communication
- Question #97 (Security Leadership and Management)
  Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corpo...
  Tags: Contract Management, Termination Clauses, Vendor Management, Legal Liability
- Question #98 (Security Leadership and Management)
  Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.
  Tags: Risk Management Goals, Risk Identification, Risk Assessment, Economic Risk Analysis
- Question #99 (Security Leadership and Management)
  You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activ...
  Tags: Risk Management, Project Management, Risk Monitoring and Control, Process Outputs
- Question #100 (Security Operations Management)
  Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She...
  Tags: Disaster Recovery Plan (DRP), Business Continuity, Operational Resilience, Risk Mitigation