Last Updated on March 27, 2022 by Admin 3

CISSP-ISSMP : Information Systems Security Management Professional : Part 10

  1. Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

    • Assessing the impact of potential threats 
    • Identifying the accused
    • Finding an economic balance between the impact of the risk and the cost of the countermeasure 
    • Identifying the risk
  2. You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?

    • Identification information for each stakeholder
    • Assessment information of the stakeholders’ major requirements, expectations, and potential influence
    • Stakeholder classification of their role in the project
    • Stakeholder management strategy
  3. Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below: System and data are validated. System meets all user requirements. System meets all control requirements.

    • Programming and training
    • Evaluation and acceptance 
    • Definition
    • Initiation

  4. Fill in the blank with an appropriate phrase. ______________ is used to provide security mechanisms for the storage, processing, and transfer of data.

    • Data classification
  5. Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric’s organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric’s organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

    • Yes, the ZAS Corporation did not choose to terminate the contract work.
    • It depends on what the outcome of a lawsuit will determine.
    • It depends on what the termination clause of the contract stipulates. 
    • No, the ZAS Corporation did not complete all of the work.

  6. Fill in the blank with the appropriate phrase. ____________ is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time.

    • Configuration status accounting
  7. Which of the following security models focuses on data confidentiality and controlled access to classified information?

    • Bell-La Padula model 
    • Take-Grant model
    • Clark-Wilson model
    • Biba model
  8. You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making?

    • Preparation 
    • Eradication
    • Identification
    • Containment
  9. Which of the following BCP teams handles financial arrangements, public relations, and media inquiries during disaster recovery?

    • Software team
    • Off-site storage team
    • Applications team
    • Emergency-management team
  10. Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

    • Disaster recovery plan
    • Contingency plan 
    • Continuity of Operations Plan
    • Business continuity plan

  11. Fill in the blank with an appropriate phrase. ___________ is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.

    • Patch management
  12. Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

    • Patent 
    • Utility model
    • Snooping
    • Copyright
  13. James works as a security manager for SoftTech Inc. He has been working on the continuous process improvement and on the ordinal scale for measuring the maturity of the organization involved in the software processes. According to James, which of the following maturity levels of software CMM focuses on the continuous process improvement?

    • Repeatable level
    • Defined level
    • Initiating level
    • Optimizing level
  14. Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained at the levels approved in the Service Level Agreement (SLA)?

    • The Service Level Manager
    • The Configuration Manager
    • The IT Security Manager 
    • The Change Manager
  15. Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?

    • Mobile site
    • Warm site 
    • Cold site
    • Hot site
  16. Which of the following is a process of monitoring data packets that travel across a network?

    • Password guessing
    • Packet sniffing 
    • Shielding
    • Packet filtering
  17. You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?

    • Cold site
    • Off site
    • Hot site
    • Warm site
  18. Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

    • Initial analysis, request for service, data collection, data reporting, data analysis
    • Initial analysis, request for service, data collection, data analysis, data reporting
    • Request for service, initial analysis, data collection, data analysis, data reporting 
    • Request for service, initial analysis, data collection, data reporting, data analysis
  19. Which of the following types of evidence is a collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity or person?

    • Direct
    • Circumstantial 
    • Incontrovertible
    • Corroborating
  20. Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. Who decides the category of a change?

    • The Problem Manager
    • The Process Manager
    • The Change Manager 
    • The Service Desk
    • The Change Advisory Board