CISSP-ISSMP : Information Systems Security Management Professional : Part 01

  1. You are the project manager for the TTX project. You have to procure some electronic gadgets for the project. A relative of yours is in the retail business for those gadgets. He asks you, as a favor, to give him the order. This is a situation of ____. 

    • Conflict of interest 
    • Bribery
    • Illegal practice
    • Irresponsible practice
  2. Which of the following options is an approach to restricting system access to authorized users?

    • DAC
    • MIC
    • RBAC 
    • MAC
  3. Which of the following statements reflect the ‘Code of Ethics Preamble’ in the ‘(ISC)2 Code of Ethics’? Each correct answer represents a complete solution. Choose all that apply.

    • Strict adherence to this Code is a condition of certification.
    • Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
    • Advance and protect the profession.
    • Provide diligent and competent service to principals.
  4. Which of the following is generally practiced by the police or any other recognized governmental authority?

    • Phishing
    • Wiretapping
    • SMB signing
    • Spoofing
  5. Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due?

    • Expected breach
    • Actual breach
    • Anticipatory breach 
    • Nonperforming breach
  6. What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?

    • ZOPA
    • PON
    • Bias
    • BATNA
  7. Which of the following test methods has the objective to test the IT system from the viewpoint of a threat-source and to identify potential failures in the IT system protection schemes?

    • Penetration testing 
    • On-site interviews
    • Security Test and Evaluation (ST&E)
    • Automated vulnerability scanning tool
  8. How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?

    • Single Loss Expectancy (SLE)/ Exposure Factor (EF)
    • Asset Value X Exposure Factor (EF)
    • Exposure Factor (EF)/Single Loss Expectancy (SLE)
    • Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO)
  9. Which of the following protocols are used to provide secure communication between a client and a server over the Internet? Each correct answer represents a part of the solution. Choose two.

    • TLS 
    • HTTP
    • SNMP
    • SSL
  10. Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following? 1. To account for all IT assets; 2. To provide precise information support to other ITIL disciplines; 3. To provide a solid base only for Incident and Problem Management; 4. To verify configuration records and correct any exceptions.

    • 1, 3, and 4 only
    • 2 and 4 only
    • 1, 2, and 4 only 
    • 2, 3, and 4 only
  11. Which of the following authentication protocols provides support for a wide range of authentication methods, such as smart cards and certificates?

    • PAP
    • EAP 
    • MS-CHAP v2
    • CHAP
  12. Which of the following documents is described in the statement below? “It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.”

    • Risk register 
    • Risk management plan
    • Quality management plan
    • Project charter
  13. Which of the following Orange Book rating levels has no security controls?

    • D-rated 
    • C-rated
    • E-rated
    • A-rated
  14. Which of the following is a documented set of guidelines that computer forensics experts use to handle evidence?

    • Evidence access policy
    • Incident response policy
    • Chain of custody 
    • Chain of evidence
  15. Which of the following backup sites takes the longest recovery time?

    • Cold site 
    • Hot site
    • Warm site
    • Mobile backup site
  16. Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

    • Utility model
    • Cookie
    • Copyright
    • Trade secret
  17. Which of the following are the levels of a public or commercial data classification system? Each correct answer represents a complete solution. Choose all that apply.

    • Secret
    • Sensitive 
    • Unclassified
    • Private
    • Confidential
    • Public
  18. Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

    • Social engineering 
    • Smurf
    • Denial-of-Service
    • Man-in-the-middle
  19. The incident response team has turned the evidence over to the forensic team. Now it is time to begin looking for ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.

    • Information dissemination policy
    • Electronic monitoring statement
    • Additional personnel security controls
    • Incident response plan
  20. John works as a security manager for Soft Tech Inc. He is working with his team on the disaster recovery management plan. One of his team members has a question about the most cost-effective DRP testing plan. According to you, which of the following disaster recovery testing plans is the most cost-effective and efficient way to identify areas of overlap in the plan before conducting more demanding training exercises?

    • Full-scale exercise
    • Walk-through drill
    • Evacuation drill
    • Structured walk-through test