CISSP-ISSMP : Information Systems Security Management Professional : Part 02

  1. Your company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company data. Which of the following is the most important step for you to take in preserving the chain of custody?

    • Preserve the email server including all logs. 
    • Seize the employee’s PC.
    • Make copies of that employee’s email.
    • Place spyware on the employee’s PC to confirm these activities.
  2. Which of the following elements of the BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

    • Business continuity plan development 
    • Business impact assessment
    • Scope and plan initiation
    • Plan approval and implementation
  3. Which of the following statements is related with the second law of OPSEC?

    • If you are not protecting it (the critical and sensitive information), the adversary wins!
    • If you don’t know what to protect, how do you know you are protecting it? 
    • If you don’t know about your security resources you could not protect your network.
    • If you don’t know the threat, how do you know what to protect?
  4. Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur? 

    • Safeguard
    • Single Loss Expectancy (SLE)
    • Exposure Factor (EF)
    • Annualized Rate of Occurrence (ARO)
  5. You work as a Product manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to efficiently manage the procedures of the project. What will be the benefits of employing configuration management for completing this project? Each correct answer represents a complete solution. Choose all that apply.

    • It provides object, orient, decide and act strategy.
    • It provides a live documentation of the project. 
    • It provides the risk analysis of project configurations.
    • It provides the versions for network devices.
  6. Which of the following Acts enacted in the United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?

    • Electronic Communications Privacy Act of 1986 
    • Wiretap Act
    • Computer Fraud and Abuse Act
    • Economic Espionage Act of 1996
  7. SIMULATION

    Fill in the blank with an appropriate phrase. An ________ is an intensive application of the OPSEC process to an existing operation or activity by a multidiscipline team of experts.

    • OPSEC assessment
  8. Which of the following methods for identifying appropriate BIA interviewees includes examining the organizational chart of the enterprise to understand the functional positions?

    • Organizational chart reviews 
    • Executive management interviews
    • Overlaying system technology
    • Organizational process models
  9. Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.

    • They can be analyzed and measured by the risk analysis process. 
    • They can be removed completely by taking proper actions.
    • They can be mitigated by reviewing and taking responsible actions based on possible risks.
    • They are considered an indicator of threats coupled with vulnerability.
  10. You work as a Web Administrator for Perfect World Inc. The company is planning to host an E-commerce Web site. You are required to design a security plan for it. Client computers with different operating systems will access the Web server. How will you configure the Web server so that it is secure and only authenticated users are able to access it? Each correct answer represents a part of the solution. Choose two.

    • Use encrypted authentication.
    • Use the SSL protocol.
    • Use the EAP protocol.
    • Use Basic authentication.
  11. You have created a team of HR Managers and Project Managers for Blue Well Inc. The team will concentrate on hiring some new employees for the company and improving the organization’s overall security by rotating employees among numerous job positions. Which of the following steps will you perform to accomplish the task?

    • Job rotation 
    • Job responsibility
    • Screening candidates
    • Separation of duties
  12. Which of the following architecturally related vulnerabilities is a hardware or software mechanism that was installed to permit system maintenance and to bypass the system’s security protections?

    • Maintenance hook 
    • Lack of parameter checking
    • Time of Check to Time of Use (TOC/TOU) attack
    • Covert channel
  13. Which of the following BCP teams provides clerical support to the other teams and serves as a message center for the user-recovery site?

    • Security team
    • Data preparation and records team
    • Administrative support team 
    • Emergency operations team
  14. A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark’s financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

    • Copyright law
    • Trademark law
    • Privacy law 
    • Security law
  15. Which of the following are the examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.

    • Security awareness training
    • Security policy
    • Data Backup
    • Auditing
  16. Which of the following security issues does the Bell-La Padula model focus on?

    • Authentication
    • Confidentiality
    • Integrity
    • Authorization
  17. Which of the following are examples of physical controls used to prevent unauthorized access to sensitive materials?

    • Thermal alarm systems
    • Closed circuit cameras
    • Encryption
    • Security Guards
  18. Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?

    • Legal representative
    • Technical representative 
    • Lead investigator
    • Information security representative
  19. Which of the following laws enacted in the United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?

    • Child Pornography Prevention Act (CPPA)
    • USA PATRIOT Act
    • Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)
    • Sexual Predators Act
  20. Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

    • Administrative 
    • Automatic
    • Physical
    • Technical