CISSP-ISSMP : Information Systems Security Management Professional : Part 06
-
Which of the following SDLC phases consists of the given security controls. Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases Generation
- Design
- Maintenance
- Deployment
- Requirements Gathering
-
Which of the following rated systems of the Orange book has mandatory protection of the TCB?
- B-rated
- C-rated
- D-rated
- A-rated
-
Which of the following steps are generally followed in computer forensic examinations? Each correct answer represents a complete solution. Choose three.
- Acquire
- Analyze
- Authenticate
- Encrypt
-
Which of the following is used to back up forensic evidences or data folders from the network or locally attached hard disk drives?
- WinHex
- Vedit
- Device Seizure
- FAR system
-
Which of the following is the default port for Secure Shell (SSH)?
- UDP port 161
- TCP port 22
- UDP port 138
- TCP port 443
-
Mark is the project manager of the NHQ project in Spartech Inc. The project has an asset valued at $195,000 and is subjected to an exposure factor of 35 percent. What will be the Single Loss Expectancy of the project?
- $92,600
- $67,250
- $68,250
- $72,650
-
Management has asked you to perform a risk audit and report back on the results. Bonny, a project team member asks you what a risk audit is. What do you tell Bonny?
- A risk audit is a review of all the risks that have yet to occur and what their probability of happening are.
- A risk audit is a review of the effectiveness of the risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.
- A risk audit is a review of all the risk probability and impact for the risks, which are still present in the project but which have not yet occurred.
- A risk audit is an audit of all the risks that have occurred in the project and what their true impact on cost and time has been.
-
DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.
- System Definition
- Accreditation
- Verification
- Re-Accreditation
- Validation
- Identification
-
You work as a security manager for SoftTech Inc. You along with your team are doing the disaster recovery for your project. Which of the following steps are performed by you for secure recovery based on the extent of the disaster and the organization’s recovery ability? Each correct answer represents a part of the solution. Choose three.
- Recover to an alternate site for critical functions
- Restore full system at an alternate operating site
- Restore full system after a catastrophic loss
- Recover at the primary operating site
-
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?
- Risk mitigation
- Risk transfer
- Risk acceptance
- Risk avoidance
-
A contract cannot have provisions for which one of the following?
- Subcontracting the work
- Penalties and fines for disclosure of intellectual rights
- A deadline for the completion of the work
- Illegal activities
-
Which of the following analysis provides a foundation for measuring investment of time, money and human resources required to achieve a particular outcome?
- Vulnerability analysis
- Cost-benefit analysis
- Gap analysis
- Requirement analysis
-
What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?
- Scope Verification
- Project Management Information System
- Integrated Change Control
- Configuration Management System
-
You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What is this called?
- Availability
- Encryption
- Integrity
- Confidentiality
-
You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. One of the employees of your organization asks you the purpose of the security awareness, training and education program. What will be your answer?
- It improves the possibility for career advancement of the IT staff.
- It improves the security of vendor relations.
- It improves the performance of a company’s intranet.
- It improves awareness of the need to protect system resources.
-
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
- SSAA
- FITSAF
- FIPS
- TCSEC
-
Which of the following can be prevented by an organization using job rotation and separation of duties policies?
- Collusion
- Eavesdropping
- Buffer overflow
- Phishing
-
Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.
- Vulnerability Assessment and Penetration Testing
- Security Certification and Accreditation (C&A)
- Change and Configuration Control
- Risk Adjustments
-
You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?
- Risk management plan
- Lessons learned documentation
- Risk register
- Stakeholder management strategy
-
What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.
- Troubleshooting
- Investigation
- Upgradation
- Backup
Subscribe
0 Comments
Newest