CISSP-ISSMP Practice Questions
223 real CISSP-ISSMP exam questions with expert-verified answers and explanations. Page 5 of 5.
- Question #204: Foundational Security Concepts
Which of the following processes is used by remote users to make a secure connection to internal resources after establishing an Internet connection?
Secure Remote Access, VPN, Tunneling Protocols, Network Security
- Question #205: Security Leadership and Management
Which of the following is a name, symbol, or slogan with which a product is identified?
Intellectual Property, Trademark, Legal Concepts, Asset Protection
- Question #206: Security Leadership and Management
An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?
Privacy policy, Employee monitoring, Data privacy, Organizational policies
- Question #207: Security Leadership and Management
Sarah has created a site on which she publishes copyrighted material. She is unaware that she is infringing copyright. Is she guilty under copyright laws?
Copyright infringement, Intellectual property law, Legal compliance, Ignorance of law
- Question #208: Foundational Security Concepts
Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?
Take-Grant Model, Access Control Models, Security Models, Information Flow
- Question #209: Security Program Development
Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavail...
Business Continuity Planning, Organizational Resilience, Risk Management, Critical Business Functions
- Question #210: Foundational Security Concepts
Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.
CIA Triad, Information Security Principles, Confidentiality, Integrity
- Question #211: Foundational Security Concepts
Which of the following can be done over telephone lines, e-mail, instant messaging, and any other method of communication considered private?
Eavesdropping, Communication Security, Threats, Confidentiality
- Question #212: Security Audit Management
You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure t...
Configuration Management, Physical Configuration Audit, Compliance Verification, Project Management
- Question #213: Foundational Security Concepts
In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?
Access Control, Discretionary Access Control, Security Models
- Question #214: Foundational Security Concepts
Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.
Access Control Models, Integrity Models, Commercial Security
- Question #215: Security Operations Management
Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes wi...
Configuration Management, System Consistency, Lifecycle Management, IT Governance
- Question #216: Security Operations Management
Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.
Email Security, PGP, S/MIME, Cryptographic Protocols
- Question #217: Security Operations Management
You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also you were not able to access...
Incident Response, Incident Handling Process, Incident Identification, Security Operations
- Question #218: Security Program Development
Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?
Reciprocal Agreements, Disaster Recovery, Business Continuity Planning, Recovery Strategies
- Question #219: Foundational Security Concepts
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
Computer Crime, Fraud Techniques, Data Manipulation
- Question #220: Security Audit Management
Drag and drop the various evidences in the appropriate places. Answer:
Evidence Collection, Evidence Classification, Audit Evidence, Compliance Documentation
- Question #221: Security Operations Management
Which of the following penetration testing phases involves reconnaissance or data gathering?
Penetration Testing, Reconnaissance, Pre-attack phase, Security Assessment
- Question #222: Security Program Development
Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on t...
Business Impact Analysis, Business Continuity, Risk Management, Recovery Planning
- Question #223: Security Program Development
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency,...
Contingency Planning, Business Continuity Management, Disaster Recovery, Risk Response
- Question #224: Foundational Security Concepts
Which of the following protocols is used with a tunneling protocol to provide security?
IPSec, Network Security, Tunneling, VPN Protocols
- Question #225: Security Leadership and Management
Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment withi...
Incident Documentation, Legal & Regulatory Compliance, Workplace Security, Risk Management
- Question #226: Security Program Development
DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December...
DIACAP, Certification and Accreditation, DoD Security Frameworks, Information Assurance