CISSP-ISSMP Practice Questions
223 real CISSP-ISSMP exam questions with expert-verified answers and explanations. Page 3 of 5.
- Question #102 (Security Audit Management)
  Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below: Sy...
  Tags: SDLC phases, System validation, Requirements verification, Audit objectives
- Question #103 (Security Leadership and Management)
  You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All o...
  Tags: Project Management, Stakeholder Management, Project Documentation, Stakeholder Register
- Question #104 (Foundational Security Concepts)
  Which of the following are examples of physical controls used to prevent unauthorized access to sensitive materials?
  Tags: Physical Security, Access Control, Security Controls
- Question #105 (Foundational Security Concepts)
  Which of the following security issues does the Bell-La Padula model focus on?
  Tags: Bell-La Padula, Security Models, Confidentiality
- Question #106 (Foundational Security Concepts)
  Which of the following are examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Administrative controls, Security controls, Security policy, Security awareness training
- Question #107 (Foundational Security Concepts)
  Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.
  Tags: Access Controls, Administrative Controls, Physical Controls, Technical Controls
- Question #108 (Security Leadership and Management)
  Which of the following laws enacted in the United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?
  Tags: Legal Compliance, ISP Responsibilities, Cybercrime Laws, Child Protection Laws
- Question #109 (Security Operations Management)
  Which of the following representatives of the incident response team takes forensic backups of the systems that are the focus of the incident?
  Tags: Incident Response, Forensic Data Collection, Incident Response Team Roles, Data Preservation
- Question #110 (Foundational Security Concepts)
  A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal de...
  Tags: Data Privacy, PII, Privacy Laws, Information Sharing
- Question #111 (Security Program Development)
  You work as a Web Administrator for Perfect World Inc. The company is planning to host an E-commerce Web site. You are required to design a security plan for it. Client computers...
  Tags: Web Security, Authentication, SSL/TLS, Encryption
- Question #112 (Security Leadership and Management)
  Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.
  Tags: Risk Management, Risk Analysis, Risk Mitigation, Threats and Vulnerabilities
- Question #113 (Security Leadership and Management)
  Which of the following methods for identifying appropriate BIA interviewees includes examining the organizational chart of the enterprise to understand the functional positions?
  Tags: BIA (Business Impact Analysis), Organizational Charts, Interviewee Identification, Business Continuity Planning
- Question #114 (Security Program Development)
  Which of the following BCP teams provides clerical support to the other teams and serves as a message center for the user-recovery site?
  Tags: Business Continuity Planning, BCP teams, Administrative support, Disaster recovery
- Question #115 (Security Program Development)
  Drag and drop the various SSE-CMM levels at the appropriate places. Answer:
  Tags: SSE-CMM, Maturity Models, Security Program Management, Security Engineering
- Question #116 (Foundational Security Concepts)
  Which of the following architecturally related vulnerabilities is a hardware or software mechanism, which was installed to permit system maintenance and to bypass the system's secu...
  Tags: Maintenance Hooks, System Vulnerabilities, Backdoors, Architectural Vulnerabilities
- Question #117 (Security Leadership and Management)
  You have created a team of HR Managers and Project Managers for Blue Well Inc. The team will concentrate on hiring some new employees for the company and improving the organization...
  Tags: Job rotation, Personnel security, Administrative controls, Fraud prevention
- Question #118 (Security Leadership and Management)
  Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk even...
  Tags: Quantitative Risk Analysis, Contingency Reserve, Financial Risk Management, Project Risk Management
- Question #119 (Security Audit Management)
  Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented and whether the derived security solutions are adequate?
  Tags: Auditing, Security Roles and Responsibilities, Policy Compliance, Verification
- Question #120 (Security Operations Management)
  Which of the following are the process steps of OPSEC? Each correct answer represents a part of the solution. Choose all that apply.
  Tags: OPSEC, Operations Security, Security Processes, Risk Assessment
- Question #121 (Security Leadership and Management)
  You work as a project manager for SoftTech Inc. A threat with a dollar value of $150,000 is expected to happen in your project and the frequency of threat occurrence per year is 0....
  Tags: Risk Management, Annualized Loss Expectancy (ALE), Quantitative Risk Analysis, Risk Calculation
- Question #122 (Security Leadership and Management)
  Which of the following are the responsibilities of the owner with regard to data in an information classification program? Each correct answer represents a complete solution. Choos...
  Tags: Data Owner Responsibilities, Information Classification, Data Roles
- Question #123 (Security Leadership and Management)
  You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are sti...
  Tags: Separation of Duties, Insider Threat Mitigation, Organizational Security, Risk Management
- Question #124 (Security Audit Management)
  Which of the following statements is true about auditing?
  Tags: Auditing, Logging, Security Monitoring, Accountability
- Question #125 (Security Operations Management)
  Fill in the blank with an appropriate phrase. _______ is a branch of forensic science pertaining to legal evidence found in computers and digital storage media. Answer: Computer for...
  Tags: Computer forensics, Digital forensics, Evidence collection, Incident response
- Question #126 (Security Leadership and Management)
  Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk r...
  Tags: Risk Management, Project Risk, Risk Response, Corrective Action
- Question #127 (Security Program Development)
  Mark works as a security manager for SoftTech Inc. He is performing a security awareness program. To be successful in performing the awareness program, he should take into account...
  Tags: Security Awareness Program, Audience Segmentation, Training Design, Employee Education
- Question #128 (Security Leadership and Management)
  Rachael is the project manager for a large project in her organization. A new change request has been proposed that will affect several areas of the project. One area of the projec...
  Tags: Contract Management, Vendor Management, Change Management, Project Management
- Question #129 (Security Leadership and Management)
  How many change control systems are there in project management?
  Tags: Change Management, Project Management, Configuration Management, Security Governance
- Question #130 (Security Program Development)
  In which of the following phases of the SDLC do the software and other components of the system faithfully incorporate the design specifications and provide proper documentation...
  Tags: SDLC, Software Development, Training, Documentation
- Question #131 (Security Operations Management)
  Which of the following signatures watches for connection attempts to well-known, frequently attacked ports?
  Tags: IDS/IPS, Signature-based detection, Network security monitoring, Threat detection
- Question #132 (Security Operations Management)
  Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the fol...
  Tags: Configuration Management, ITIL, IT Service Management, IT Assets
- Question #133 (Foundational Security Concepts)
  Which of the following protocols are used to provide secure communication between a client and a server over the Internet? Each correct answer represents a part of the solution. Ch...
  Tags: Secure Communication Protocols, TLS, SSL, Network Security
- Question #134 (Security Leadership and Management)
  How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?
  Tags: Annualized Loss Expectancy (ALE), Risk Management, Quantitative Risk Analysis, Loss Expectancy
- Question #135 (Foundational Security Concepts)
  Which of the following rating systems of the Orange Book has no security controls?
  Tags: Orange Book, TCSEC, Security Evaluation, Trusted Systems
- Question #136 (Security Leadership and Management)
  Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative r...
  Tags: Risk management, Risk register, Risk analysis
- Question #137 (Security Program Development)
  Which of the following authentication protocols provides support for a wide range of authentication methods, such as smart cards and certificates?
  Tags: Authentication Protocols, EAP, Smart Cards, Certificates
- Question #138 (Security Operations Management)
  Which of the following test methods has the objective of testing the IT system from the viewpoint of a threat-source and identifying potential failures in the IT system protection sch...
  Tags: Penetration testing, Security testing, Vulnerability assessment, Threat simulation
- Question #139 (Security Leadership and Management)
  Which of the following statements reflect the 'Code of Ethics Preamble' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.
  Tags: (ISC)2 Code of Ethics, Professional Ethics, Certification Requirements, Preamble
- Question #140 (Foundational Security Concepts)
  Which of the following options is an approach to restricting system access to authorized users?
  Tags: Access Control, RBAC, Security Models, Authorization
- Question #141 (Security Leadership and Management)
  You are the project manager for the TTX project. You have to procure some electronics gadgets for the project. A relative of yours is in the retail business of those gadgets. He approa...
  Tags: Conflict of interest, Ethics, Professional conduct, Procurement management
- Question #142 (Security Leadership and Management)
  What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?
  Tags: Negotiation strategy, BATNA, Conflict resolution, Decision making
- Question #143 (Security Leadership and Management)
  Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due?
  Tags: Contract law, Legal terminology, Breach of contract, Anticipatory breach
- Question #144 (Security Leadership and Management)
  Which of the following is generally practiced by the police or any other recognized governmental authority?
  Tags: Wiretapping, Legal interception, Law enforcement, Investigative techniques
- Question #145 (Security Operations Management)
  Which of the following is a documentation of guidelines that computer forensics experts use to handle evidence?
  Tags: Computer forensics, Evidence handling, Chain of custody, Incident response
- Question #146 (Security Leadership and Management)
  Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
  Tags: Risk Management, Quantitative Risk Analysis, Annualized Rate of Occurrence (ARO), Threat Frequency
- Question #147 (Security Leadership and Management)
  Which of the following statements is related to the second law of OPSEC?
  Tags: Operations Security (OPSEC), Critical Information, Information Protection Principles
- Question #148 (Security Program Development)
  Which of the following elements of the BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the...
  Tags: Business Continuity Planning, BCP Process, Plan Development, Continuity Strategy
- Question #150 (Security Leadership and Management)
  Which of the following Acts enacted in the United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records...
  Tags: National Security Letters (NSLs), Electronic Communications Privacy Act (ECPA), Legal & Regulatory Compliance, Privacy Law
- Question #151 (Security Leadership and Management)
  You work as a Product Manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to eff...
  Tags: Configuration Management, Project Management, Security Program Management, Change Management
- Question #152 (Security Operations Management)
  Your company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company dat
  Tags: Chain of Custody, Incident Response, Digital Forensics, Evidence Preservation