ISSMP Information Systems Security Management Professional Questions and Answers

Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.

Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.

Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

NIST Special Publication 800-50 is a security awareness program. It is designed for those people who are currently working in the information technology field and want information on security policies. Which of the following are some of its critical steps? Each correct answer represents a complete solution. Choose two.

Which of the following needs to be documented to preserve evidences for presentation in court?

Mark works as a security manager for SoftTech Inc. He is performing a security awareness program. To be successful in performing the awareness program, he should take into account the needs and current levels of training and understanding of the employees and audience. There are five key ways, which Mark should keep in mind while performing this activity. Current level of computer usage What the audience really wants to learn How receptive the audience is to the security program How to gain acceptance Who might be a possible ally Which of the following activities is performed in this security awareness process?

A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

Which of the following is the best method to stop vulnerability attacks on a Web server?

Which of the following rated systems of the Orange book has mandatory protection of the TCB?

You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer?

Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?

Which of the following statements is related with the second law of OPSEC?

Which of the following are the levels of public or commercial data classification system? Each correct answer represents a complete solution. Choose all that apply.

Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.

Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution. Which of the following data should be recorded in this documentation? Each correct answer represents a complete solution. Choose all that apply.

Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due?

Fill in the blank with an appropriate phrase.___________ is the process of using a strategy and plan of what patches should be applied to which systems at a specified time. Correct

Which of the following protocols is used with a tunneling protocol to provide security?

Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?

Which of the following statements about the availability concept of Information security management is true?

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

You work as a security manager for SoftTech Inc. You along with your team are doing the disaster recovery for your project. Which of the following steps are performed by you for secure recovery based on the extent of the disaster and the organization's recovery ability? Each correct answer represents a part of the solution. Choose three.

Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?

Which of the following sections come under the ISO/IEC 27002 standard?