Last Updated on February 27, 2022 by Admin 3

CISSP-ISSMP : Information Systems Security Management Professional : Part 03

  1. Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They’d like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

    • Contingency reserve 
    • Risk response
    • Risk response plan
  2. Rachael is the project manager for a large project in her organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they’ve already completed the project work they were contracted to do. What can Rachael do in this instance?

    • Threaten to sue the vendor if they don’t complete the work.
    • Fire the vendor for failing to complete the contractual obligation.
    • Withhold the vendor’s payments for the work they’ve completed.
    • Refer to the contract agreement for direction.
  3. Mark works as a security manager for SoftTech Inc. He is performing a security awareness program. To be successful in performing the awareness program, he should take into account the needs and current levels of training and understanding of the employees and audience. There are five key factors that Mark should keep in mind while performing this activity: the current level of computer usage; what the audience really wants to learn; how receptive the audience is to the security program; how to gain acceptance; and who might be a possible ally. Which of the following activities is performed in this security awareness process?

    • Separation of duties
    • Stunned owl syndrome
    • Audience participation
    • Audience segmentation
  4. Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

    • Earned value management
    • Risk audit
    • Technical performance measurement
    • Corrective action
  5. Which of the following signatures watches for connection attempts to well-known, frequently attacked ports?

    • Port signatures 
    • Digital signatures
    • Header condition signatures
    • String signatures
  6. In which of the following phases of the SDLC does the software and other components of the system faithfully incorporate the design specifications and provide proper documentation and training?

    • Programming and training 
    • Evaluation and acceptance
    • Initiation
    • Design
  7. How many change control systems are there in project management?

    • 3
    • 4
    • 2
    • 1
  8. SIMULATION

    Fill in the blank with an appropriate phrase. _______ is a branch of forensic science pertaining to legal evidence found in computers and digital storage media.

    • Computer forensics
  9. You work as a project manager for SoftTech Inc. A threat with a dollar value of $150,000 is expected to happen in your project and the frequency of threat occurrence per year is 0.001. What will be the annualized loss expectancy in your project?

    • $180.25
    • $150 
    • $100
    • $120
  10. Which of the following are the process steps of OPSEC? Each correct answer represents a part of the solution. Choose all that apply.

    • Analysis of Vulnerabilities 
    • Display of associated vulnerability components
    • Assessment of Risk
    • Identification of Critical Information
  11. Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented and whether the derived security solutions are adequate?

    • Data custodian
    • Auditor 
    • User
    • Data owner
  12. Which of the following statements is true about auditing?

    • It is used to protect the network against virus attacks.
    • It is used to track user accounts for file and object access, logon attempts, etc. 
    • It is used to secure the network or the computers on the network.
    • It is used to prevent unauthorized access to network resources.
  13. You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

    • Implement separation of duties. 
    • Implement RBAC.
    • Implement three way authentication.
    • Implement least privileges.
  14. Which of the following are the responsibilities of the owner with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

    • Determining what level of classification the information requires.
    • Delegating the responsibility of the data protection duties to a custodian.
    • Reviewing the classification assignments at regular time intervals and making changes as the business needs change.
    • Running regular backups and routinely testing the validity of the backup data.
  15. Which of the following is the default port for Simple Network Management Protocol (SNMP)?

    • TCP port 80
    • TCP port 25
    • UDP port 161 
    • TCP port 110
  16. Which of the following laws is defined as the Law of Nations, or the legal norms that have developed through the customary exchanges between states over time, whether based on diplomacy or aggression?

    • Customary 
    • Tort
    • Criminal
    • Administrative
  17. Tomas is the project manager of the QWS Project and is worried that the project stakeholders will want to change the project scope frequently. His fear is based on the many open issues in the project and how the resolution of the issues may lead to additional project changes. On what document are Tomas and the stakeholders working in this scenario?

    • Communications management plan
    • Change management plan 
    • Issue log
    • Risk management plan
  18. Which of the following plans is a documented and organized plan for emergency response, backup operations, and recovery, maintained by an activity as part of its security program, that ensures the availability of critical resources and facilitates the continuity of operations in an emergency situation?

    • Disaster Recovery Plan
    • Contingency Plan 
    • Continuity Of Operations Plan
    • Business Continuity Plan
  19. You work as the project manager for Bluewell Inc. You are working on the NGQQ Project for your company. You have completed the risk analysis processes for the risk events. You and the project team have created risk responses for most of the identified project risks. Which of the following risk response planning techniques will you use to shift the impact of a threat to a third party, along with ownership of the response?

    • Risk mitigation
    • Risk acceptance
    • Risk avoidance
    • Risk transference
  20. Which of the following anti-child pornography organizations helps local communities to create programs and develop strategies to investigate child exploitation?

    • Internet Crimes Against Children (ICAC)
    • Project Safe Childhood (PSC) 
    • Anti-Child Porn.org
    • Innocent Images National Initiative (IINI)