Last Updated on February 27, 2022 by Admin 3

CISSP-ISSMP : Information Systems Security Management Professional : Part 11

  1. Which of the following statements is related with the first law of OPSEC?

    • If you are not protecting it (the critical and sensitive information), the adversary wins!
    • If you don’t know what to protect, how do you know you are protecting it?
    • If you don’t know about your security resources, you cannot protect your network.
    • If you don’t know the threat, how do you know what to protect?
  2. The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes. Which of the following are Change Management terms? Each correct answer represents a part of the solution. Choose three.

    • Request for Change 
    • Service Request Management
    • Change 
    • Forward Schedule of Changes
  3. Which of the following policies helps reduce the potential damage from the actions of one person?

    • CSA
    • Risk assessment
    • Separation of duties 
    • Internal audit
  4. Which of the following Acts enacted in the United States amends the Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination, and to bring age discrimination claims?

    • PROTECT Act
    • Sexual Predators Act
    • Civil Rights Act of 1991 
    • The USA Patriot Act of 2001
  5. You are documenting your organization’s change control procedures for project management. What portion of the change control process oversees features and functions of the product scope?

    • Configuration management 
    • Product scope management is outside the concerns of the project.
    • Scope change control system
    • Project integration management
  6. Which of the following is a document of guidelines used to create archival copies of important data?

    • User policy
    • Security policy
    • Audit policy
    • Backup policy
  7. What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.

    • Maintain and Monitor 
    • Organization Vulnerability
    • Define Policy 
    • Baseline the Environment
  8. Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

    • Configuration Verification and Auditing
    • Configuration Item Costing
    • Configuration Identification
    • Configuration Status Accounting
  9. Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?

    • SLA
    • NDA 
    • Non-price competition
    • CNC
  10. Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

    • Safeguard
    • Single Loss Expectancy (SLE)
    • Exposure Factor (EF)
    • Annualized Rate of Occurrence (ARO)
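The four terms in the question above fit together in the quantitative risk formulas CISSP candidates are expected to apply: SLE = AV × EF, ALE = SLE × ARO, and a safeguard is worth buying only if (ALE before) − (ALE after) − (annual cost of the safeguard) is positive. The Python below is an added worked example, not code from the original quiz page; the file-server asset value, exposure factors, occurrence rates and control costs are constructed numbers chosen to show one control that pays for itself and one that does not, and the class and function names are this example's own. It goes one step beyond the question by carrying the calculation through to the safeguard decision.

```python
"""Quantitative risk analysis: SLE, EF, ARO, ALE and safeguard cost-benefit.

Added example, not part of the original page. All figures are constructed
for illustration (assumed, not taken from any real assessment).
"""
from dataclasses import dataclass, replace


def aro_from_interval(years_between_events: float) -> float:
    """ARO from an expected interval: an event 'once every two years' is ARO 0.5.
    ARO is a frequency per year, so it may be well below 1."""
    if years_between_events <= 0:
        raise ValueError("interval must be positive")
    return 1.0 / years_between_events


@dataclass(frozen=True)
class RiskScenario:
    name: str
    asset_value: float      # AV: value of the asset, in currency units
    exposure_factor: float  # EF: fraction (0.0-1.0) of AV lost per occurrence
    aro: float              # ARO: estimated occurrences per year

    def sle(self) -> float:
        """Single Loss Expectancy: loss from one occurrence, SLE = AV * EF."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: expected yearly loss, ALE = SLE * ARO."""
        if self.aro < 0:
            raise ValueError("ARO cannot be negative")
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float    # ACS: yearly cost of owning and operating the control
    residual_ef: float    # EF once the control is in place
    residual_aro: float   # ARO once the control is in place


def safeguard_value(scenario: RiskScenario, control: Safeguard) -> float:
    """Annual value of a safeguard:
    (ALE before) - (ALE after) - (annual cost of safeguard).
    Positive: the control pays for itself. Negative: it costs more per year
    than the risk it removes, so accepting or transferring the risk is cheaper."""
    after = replace(scenario, exposure_factor=control.residual_ef,
                    aro=control.residual_aro)
    return scenario.ale() - after.ale() - control.annual_cost


def rank_safeguards(scenario: RiskScenario, controls: list) -> list:
    """Controls ordered from most to least cost-effective for this scenario."""
    return sorted(controls, key=lambda c: safeguard_value(scenario, c), reverse=True)


# Constructed scenario: ransomware on a file server worth 200,000, which
# destroys a quarter of its value per incident, expected once every two years.
SERVER = RiskScenario("file server / ransomware", asset_value=200_000.0,
                      exposure_factor=0.25, aro=aro_from_interval(2.0))

# Constructed controls (assumed costs and residual values).
BACKUPS = Safeguard("offline backups", annual_cost=6_000.0,
                    residual_ef=0.05, residual_aro=0.5)   # cuts the loss per event
EDR = Safeguard("endpoint detection suite", annual_cost=30_000.0,
                residual_ef=0.25, residual_aro=0.1)       # cuts how often it happens

if __name__ == "__main__":
    print(f"SLE = {SERVER.sle():,.0f}  ALE = {SERVER.ale():,.0f}")
    for control in rank_safeguards(SERVER, [EDR, BACKUPS]):
        print(f"{control.name:>26}: value {safeguard_value(SERVER, control):>+10,.0f}/yr")
```

Both controls bring the residual ALE down to the same 5,000 per year, yet only the cheaper one has a positive value; the point of the exercise is that a safeguard is justified by what it saves relative to what it costs, not by how much risk it removes in isolation. EF and ARO are estimates, so a practitioner should record where each number came from (loss history, vendor data, insurer tables) before presenting an ALE to management.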
  11. Which of the following deals is a binding agreement between two or more persons that is enforceable by law?

    • Outsource
    • Proposal
    • Contract 
    • Service level agreement
  12. Which of the following statements about Due Care policy is true?

    • It is a method used to authenticate users on a network.
    • It is a method for securing database servers.
    • It identifies the level of confidentiality of information. 
    • It provides information about new viruses.
  13. Which of the following statements best describes the results of a disaster recovery plan test?

    • If no deficiencies were found during the test, then the test was probably flawed. 
    • The plan should not be changed no matter what the results of the test would be.
    • The results of the test should be kept secret.
    • If no deficiencies were found during the test, then the plan is probably perfect.
  14. Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

    • Assuring the integrity of organizational data
    • Building Risk free systems
    • Risk control 
    • Risk identification
  15. Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?

    • Spam
    • Patent 
    • Artistic license
    • Phishing
  16. Which of the following issues are addressed by change control during the maintenance phase of the software life cycle models? Each correct answer represents a complete solution. Choose all that apply.

    • Performing quality control 
    • Recreating and analyzing the problem 
    • Developing the changes and corresponding tests
    • Establishing the priorities of requests
  17. Which of the following statements reflect the ‘Code of Ethics Canons’ in the ‘(ISC)2 Code of Ethics’? Each correct answer represents a complete solution. Choose all that apply.

    • Provide diligent and competent service to principals. 
    • Protect society, the commonwealth, and the infrastructure. 
    • Give guidance for resolving good versus good and bad versus bad dilemmas. 
    • Act honorably, honestly, justly, responsibly, and legally.
  18. Which of the following ports is the default port for the Layer 2 Tunneling Protocol (L2TP)?

    • UDP port 161
    • TCP port 443
    • TCP port 110
    • UDP port 1701