CISSP-ISSMP Practice Questions
223 real CISSP-ISSMP exam questions with expert-verified answers and explanations. Page 4 of 5.
- Question #153 (Security Program Development)
  Which of the following are the levels of public or commercial data classification system? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Data Classification, Commercial Data Classification, Information Protection, Data Governance
- Question #154 (Security Leadership and Management)
  Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain...
  Tags: Intellectual Property, Trade Secrets, Legal Frameworks, Asset Protection
- Question #155 (Security Program Development)
  Which of the following backup sites takes the longest recovery time?
  Tags: Disaster Recovery Sites, Cold Site, Recovery Time Objective (RTO), Business Continuity Planning
- Question #156 (Security Leadership and Management)
  John works as a security manager for Soft Tech Inc. He is working with his team on the disaster recovery management plan. One of his team members has a doubt related to the most co...
  Tags: DRP Testing, Structured Walk-through, Disaster Recovery Planning, Cost-Effective Security
- Question #157 (Security Operations Management)
  The incident response team has turned the evidence over to the forensic team. Now it is time to begin looking for ways to improve the incident response process for next ti...
  Tags: Incident Response Process, Post-Incident Review, Continuous Improvement, Security Operations Management
- Question #158 (Security Program Development)
  Which of the following attacks can be mitigated by providing proper training to the employees in an organization?
  Tags: Social engineering, Security awareness training, Employee training, Human factors in security
- Question #159 (Security Operations Management)
  Which of the following is the default port for Simple Network Management Protocol (SNMP)?
  Tags: SNMP, Network Ports, Protocol Defaults, UDP
- Question #160 (Security Program Development)
  Which of the following is a variant with regard to Configuration Management?
  Tags: Configuration Management, Configuration Item (CI), Variant, IT Asset Management
- Question #161 (Security Operations Management)
  You work as a Forensic Investigator. Which of the following rules will you follow while working on a case? Each correct answer represents a part of the solution. Choose all that ap...
  Tags: Digital Forensics, Evidence Handling, Chain of Custody, Legal Admissibility
- Question #162 (Security Operations Management)
  Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Cho...
  Tags: Data Custodian, Information Classification, Data Backup, Access Control
- Question #163 (Foundational Security Concepts)
  Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.
  Tags: HTTPS, Network Protocols, TCP Ports, Web Security
- Question #164 (Security Leadership and Management)
  John is a black hat hacker. The FBI arrested him while he was performing email scams. Under which of the following US laws will John be charged?
  Tags: Cybercrime Laws, US Laws, Computer Fraud and Abuse Act (CFAA), Legal and Regulatory Compliance
- Question #165 (Security Operations Management)
  Which of the following statements are true about a hot site? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Hot Sites, Disaster Recovery Planning, Business Continuity Planning, Recovery Sites
- Question #166 (Security Program Development)
  NIST Special Publication 800-50 is a security awareness program. It is designed for those people who are currently working in the information technology field and want information...
  Tags: NIST SP 800-50, Security Awareness Program, Program Development Lifecycle, Security Training
- Question #167 (Security Leadership and Management)
  You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular co...
  Tags: Contract types, Procurement risk, Buyer risk
- Question #168 (Security Operations Management)
  You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer la...
  Tags: Physical Security, Asset Protection, Cost-Benefit Analysis, Risk Mitigation
- Question #169 (Foundational Security Concepts)
  Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptiti...
  Tags: Confidentiality, Shoulder Surfing, Social Engineering, CIA Triad
- Question #170 (Security Program Development)
  Which of the following plans provides procedures for recovering business operations immediately following a disaster?
  Tags: Business Recovery, Disaster Recovery Planning, Business Continuity Planning, Operational Resilience
- Question #171 (Security Leadership and Management)
  In which of the following contract types does the seller get reimbursed for all allowable costs for performing the contract work and receive a fixed fee payment which is calculated as...
  Tags: Contract types, Procurement, Cost Plus Fixed Fee, Project management
- Question #172 (Security Leadership and Management)
  Which of the following types of cyberstalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for th...
  Tags: Cyberstalking, Reputation Damage, Online Harassment, False Accusations
- Question #173 (Security Leadership and Management)
  Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?
  Tags: Change Management, Organizational Change, Transition Planning
- Question #174 (Security Leadership and Management)
  Mark is the project manager of the NHQ project in Spartech Inc. The project has an asset valued at $195,000 and is subjected to an exposure factor of 35 percent. What will be the S...
  Tags: Quantitative Risk Analysis, Single Loss Expectancy, Risk Calculation, Exposure Factor
- Question #175 (Foundational Security Concepts)
  Which of the following is the default port for Secure Shell (SSH)?
  Tags: SSH, Networking, Default Ports, Protocols
- Question #176 (Security Leadership and Management)
  Drop the appropriate value to complete the formula.
  Tags: Quantitative Analysis, Security Metrics, Risk Management, Decision Making
- Question #177 (Security Operations Management)
  Which of the following is used to back up forensic evidence or data folders from the network or locally attached hard disk drives?
  Tags: Digital Forensics, Evidence Acquisition, Data Backup, Forensic Tools
- Question #178 (Security Operations Management)
  You work as a security manager for SoftTech Inc. You along with your team are doing the disaster recovery for your project. Which of the following steps are performed by you for se...
  Tags: Disaster Recovery, Recovery Strategies, Business Continuity Planning, Alternate Site Recovery
- Question #179 (Security Leadership and Management)
  Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery?
  Tags: Business Continuity Planning (BCP), Disaster Recovery (DR) Teams, Emergency Management, Crisis Communication
- Question #180 (Security Audit Management)
  Management has asked you to perform a risk audit and report back on the results. Bonny, a project team member, asks you what a risk audit is. What do you tell Bonny?
  Tags: Risk Audit, Risk Management, Audit Definition, Security Auditing
- Question #181 (Security Operations Management)
  Which of the following steps are generally followed in computer forensic examinations? Each correct answer represents a complete solution. Choose three.
  Tags: Computer Forensics, Forensic Process, Evidence Handling, Incident Response
- Question #182 (Security Program Development)
  Which of the following methods can be helpful to eliminate social engineering threat? Each correct answer represents a complete solution. Choose three.
  Tags: Social Engineering, Security Controls, Risk Management, Security Program
- Question #183 (Security Leadership and Management)
  You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when c...
  Tags: Security Awareness, Security Training, Communication Strategy, Program Management
- Question #184 (Security Leadership and Management)
  Which of the following 'Code of Ethics Canons' of the '(ISC)2 Code of Ethics' states to act honorably, honestly, justly, responsibly and legally?
  Tags: (ISC)2 Code of Ethics, Professional Ethics, Ethical Canons, Professional Conduct
- Question #185 (Foundational Security Concepts)
  Which of the following rated systems of the Orange book has mandatory protection of the TCB?
  Tags: Orange Book, TCSEC, Trusted Computing Base, Mandatory Access Control
- Question #186 (Security Program Development)
  Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling, Security Design and Architecture Review, Threat and Risk Modeling, Security Requireme...
  Tags: Secure SDLC, Security Design, Threat Modeling, Misuse Case Modeling
- Question #187 (Security Leadership and Management)
  Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party?
  Tags: Vicarious Liability, Legal Concepts, Organizational Liability, Third-Party Responsibility
- Question #188 (Security Leadership and Management)
  Which of the following measurements of an enterprise's security state is the process whereby an organization establishes the parameters within which programs, investments, and acqu...
  Tags: Performance Measurement, Security Metrics, Program Effectiveness
- Question #189 (Security Leadership and Management)
  You are the Network Administrator for a software company. Due to the nature of your company's business, you have a significant number of highly computer savvy users. However, you h...
  Tags: Least Privilege, Access Control, Security Principles, User Access Management
- Question #190 (Security Leadership and Management)
  Which of the following are examples of administrative controls that involve all levels of employees within an organization and determine which users have access to what resources a...
  Tags: Administrative Controls, Access Control, Security Awareness Training, Business Continuity Planning
- Question #191 (Security Program Development)
  Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information as...
  Tags: Certification and Accreditation, Information Assurance, Security Frameworks
- Question #192 (Security Leadership and Management)
  Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?
  Tags: Security Governance, Organizational Roles, Senior Management Responsibility, Security Controls
- Question #193 (Foundational Security Concepts)
  Which of the following divisions of the Trusted Computer System Evaluation Criteria (TCSEC) is based on the Mandatory Access Control (MAC) policy?
  Tags: TCSEC, Mandatory Access Control, Security Models, Access Control
- Question #194 (Security Program Development)
  Which of the following sites are similar to the hot site facilities, with the exception that they are completely dedicated, self-developed recovery facilities?
  Tags: Business Continuity, Disaster Recovery, Recovery Sites, Duplicate Processing Facility
- Question #195 (Security Program Development)
  Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will...
  Tags: Contingency Planning, Business Continuity, Disaster Recovery, Security Programs
- Question #196 (Security Leadership and Management)
  Tomas is the project manager of the QWS Project and is worried that the project stakeholders will want to change the project scope frequently. His fear is based on the many open is...
  Tags: Project Management, Change Management, Scope Control, Project Documentation
- Question #197 (Foundational Security Concepts)
  Which of the following laws is defined as the Law of Nations or the legal norms that have developed through the customary exchanges between states over time, whether based on diplom...
  Tags: International Law, Customary Law, Legal Frameworks, Law of Nations
- Question #198 (Foundational Security Concepts)
  Which of the following refers to the ability to ensure that the data is not modified or tampered with?
  Tags: Data Integrity, CIA Triad, Information Security Principles
- Question #199 (Security Leadership and Management)
  Which of the following anti-child pornography organizations helps local communities to create programs and develop strategies to investigate child exploitation?
  Tags: Child Exploitation, Cybercrime Investigation, Law Enforcement Programs, Community Engagement
- Question #200 (Security Leadership and Management)
  You work as the project manager for Bluewell Inc. You are working on NGQQ Project for your company. You have completed the risk analysis processes for the risk events. You and the...
  Tags: Risk Management, Risk Response Planning, Risk Transference, Project Management
- Question #202 (Foundational Security Concepts)
  Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.
  Tags: OPSEC, Operational Security, Security Principles, Threat Identification
- Question #203 (Security Program Development)
  In which of the following alternative processing sites is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication lin...
  Tags: Business Continuity, Disaster Recovery, Alternative Processing Sites, Hot Site
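Worked example, added here and not part of the question set above or of any exam vendor's material: the quantitative risk arithmetic behind question #174 (single loss expectancy) carried one step further to annualized loss expectancy and the cost/benefit of a safeguard, which is how the SLE figure is actually used in a budget decision. The $195,000 asset value and 35% exposure factor are the figures from question #174; the ARO, the "after" scenario, the control and its annual cost are assumptions chosen for illustration, and the formula in question #176 is not shown on this page, so the ALE formula here is the standard one rather than a claim about that item. The script also normalises an exposure factor typed as a percentage (35) versus a fraction (0.35), a common source of answers that are off by a factor of 100.

```python
"""Quantitative risk analysis helpers: SLE, ALE and the net value of a safeguard.

Added example; not from the original question set. Standard formulas:
    SLE = asset value x exposure factor
    ALE = SLE x annualized rate of occurrence (ARO)
    safeguard value = ALE(before control) - ALE(after control) - annual cost of control
"""
from dataclasses import dataclass


def as_fraction(exposure_factor: float) -> float:
    """Normalise an exposure factor given as 0.35 or as 35 (percent) to 0.35.

    A value of exactly 1 is read as 100 %. Anything outside 0..1 after
    normalisation is rejected: an EF above 100 % or below 0 is a data-entry error.
    """
    ef = exposure_factor / 100.0 if exposure_factor > 1.0 else exposure_factor
    if not 0.0 <= ef <= 1.0:
        raise ValueError(f"exposure factor out of range: {exposure_factor!r}")
    return ef


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x exposure factor, rounded to cents."""
    if asset_value < 0:
        raise ValueError("asset value must be non-negative")
    return round(asset_value * as_fraction(exposure_factor), 2)


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO. ARO may be fractional (0.1 = expected once per decade)."""
    if aro < 0:
        raise ValueError("ARO must be non-negative")
    return round(sle * aro, 2)


@dataclass(frozen=True)
class Scenario:
    """One risk event: the asset exposed, how much one event destroys, how often it happens."""
    name: str
    asset_value: float
    exposure_factor: float
    aro: float

    def sle(self) -> float:
        return single_loss_expectancy(self.asset_value, self.exposure_factor)

    def ale(self) -> float:
        return annualized_loss_expectancy(self.sle(), self.aro)


def safeguard_value(before: Scenario, after: Scenario, annual_cost: float) -> float:
    """Net annual value of a control: ALE reduction minus the control's yearly cost.

    Positive means the control pays for itself; negative means the organisation
    would spend more on the control than the risk it removes is worth.
    """
    return round(before.ale() - after.ale() - annual_cost, 2)


# Constructed inputs. The asset value and exposure factor are the figures from
# question #174; the ARO, the mitigated scenario, the control and its cost are
# assumptions made for this example only.
NHQ_BEFORE = Scenario("NHQ asset loss, no mitigation", 195_000, 35, aro=0.5)
NHQ_AFTER = Scenario("NHQ asset loss, with mitigation", 195_000, 10, aro=0.5)


def nhq_report(annual_control_cost: float = 15_000) -> dict:
    """Return the figures a manager would ask for before approving the control."""
    return {
        "sle_before": NHQ_BEFORE.sle(),
        "ale_before": NHQ_BEFORE.ale(),
        "ale_after": NHQ_AFTER.ale(),
        "safeguard_value": safeguard_value(NHQ_BEFORE, NHQ_AFTER, annual_control_cost),
    }


if __name__ == "__main__":
    for key, value in nhq_report().items():
        print(f"{key:>16}: {value:>12,.2f}")
```

With the question's figures the SLE is $68,250.00; under the assumed ARO of 0.5 the ALE before the control is $34,125.00, after it $9,750.00, and a control costing $15,000 a year is worth $9,375.00 net. Raising the control's cost to $30,000 makes the value negative, which is the signal that the control is not justified on these numbers alone.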