CISSP-ISSMP : Information Systems Security Management Professional : Part 05

  1. An organization monitors the hard disks of its employees’ computers from time to time. Which policy does this pertain to?

    • Network security policy
    • Backup policy
    • Privacy policy 
    • User password policy
  2. Which of the following is a name, symbol, or slogan with which a product is identified?

    • Copyright
    • Trademark 
    • Trade secret
    • Patent
  3. Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee’s computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

    • Availability
    • Confidentiality 
    • Integrity
    • Authenticity
  4. You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had a problem with laptops being stolen. What is the most cost-effective method to prevent this?

    • Video surveillance on all areas with computers.
    • Use laptop locks. 
    • Appoint a security guard.
    • Smart card access to all areas with computers.
  5. You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer?

    • Cost plus incentive fee
    • Fixed fee
    • Cost plus percentage of costs 
    • Time and materials
  6. Which of the following types of cyber stalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for this purpose?

    • Encouraging others to harass the victim
    • False accusations 
    • Attempts to gather information about the victim
    • False victimization
  7. In which of the following contract types is the seller reimbursed for all allowable costs of performing the contract work and paid a fixed fee calculated as a percentage of the initial estimated project costs?

    • Firm Fixed Price Contracts
    • Cost Plus Fixed Fee Contracts 
    • Fixed Price Incentive Fee Contracts
    • Cost Plus Incentive Fee Contracts
  8. Which of the following plans provides procedures for recovering business operations immediately following a disaster?

    • Disaster recovery plan
    • Business continuity plan
    • Continuity of operation plan
    • Business recovery plan
  9. NIST Special Publication 800-50 is a security awareness program. It is designed for those people who are currently working in the information technology field and want information on security policies. Which of the following are some of its critical steps? Each correct answer represents a complete solution. Choose two.

    • Awareness and Training Material Effectiveness
    • Awareness and Training Material Development 
    • Awareness and Training Material Implementation
    • Awareness and Training Program Design
  10. Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

    • Determining what level of classification the information requires
    • Running regular backups and routinely testing the validity of the backup data
    • Controlling access, adding and removing privileges for individual users
    • Performing data restoration from the backups when necessary
  11. You work as a Forensic Investigator. Which of the following rules will you follow while working on a case? Each correct answer represents a part of the solution. Choose all that apply.

    • Prepare a chain of custody and handle the evidence carefully.
    • Examine original evidence and never rely on the duplicate evidence.
    • Never exceed the knowledge base of the forensic investigation.
    • Follow the rules of evidence and never tamper with the evidence.
  12. Which of the following is a variant with regard to Configuration Management?

    • A CI that has the same name as another CI but shares no relationship.
    • A CI that particularly refers to a hardware specification.
    • A CI that has the same essential functionality as another CI but a bit different in some small manner. 
    • A CI that particularly refers to a software version.
  13. Which of the following statements are true about a hot site? Each correct answer represents a complete solution. Choose all that apply.

    • It can be used within an hour for data recovery. 
    • It is cheaper than a cold site but more expensive than a warm site.
    • It is the most inexpensive backup site.
    • It is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data.
  14. John is a black hat hacker. The FBI arrested him while he was carrying out email scams. Under which of the following US laws will John be charged?

    • 18 U.S.C. 1362
    • 18 U.S.C. 1030 
    • 18 U.S.C. 2701
    • 18 U.S.C. 2510
  15. Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

    • It uses TCP port 80 as the default port.
    • It is a protocol used in the Uniform Resource Locator (URL) address line to connect to a secure site.
    • It uses TCP port 443 as the default port.
    • It is a protocol used to provide security for a database server in an internal network.
  16. Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?

    • Risk management
    • Configuration management
    • Change management 
    • Procurement management
  17. Which of the following canons of the (ISC)2 Code of Ethics states that members should act honorably, honestly, justly, responsibly, and legally?

    • Second Code of Ethics Canons 
    • Fourth Code of Ethics Canons
    • First Code of Ethics Canons
    • Third Code of Ethics Canons
  18. You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when conducting a security awareness campaign?

    • Target system administrators and the help desk.
    • Provide technical details on exploits.
    • Provide customized messages for different groups. 
    • Target senior managers and business process owners.
  19. Which of the following methods can be helpful in eliminating the social engineering threat? Each correct answer represents a complete solution. Choose three.

    • Password policies
    • Vulnerability assessments
    • Data encryption
    • Data classification
  20. Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party?

    • Relational liability
    • Engaged liability
    • Contributory liability
    • Vicarious liability