CISSP-ISSMP : Information Systems Security Management Professional : Part 08

CISSP-ISSMP : Information Systems Security Management Professional : Part 08

1. Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

   • It performs vulnerability/threat analysis assessment. 
   • It identifies and generates IA requirements. 
   • It provides data needed to accurately assess IA readiness. 
   • It provides for entry and storage of individual system data.

2. Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

   • Non-repudiation 
   • Confidentiality
   • Authentication
   • Integrity

3. Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives related to the above phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three.

   • Resource requirements identification 
   • Criticality prioritization 
   • Down-time estimation 
   • Performing vulnerability assessment

4. You work as a Senior Marketing Manger for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation who enquired the Network Administrator to acquire all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network which caused all these problems. Incident response team announced that this was a controlled event not an incident. Which of the following steps of an incident handling process was performed by the incident response team?

   • Containment
   • Eradication
   • Preparation
   • Identification

5. Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

   • TLS
   • PGP 
   • S/MIME 
   • IPSec

6. Which of the following fields of management focuses on establishing and maintaining consistency of a system’s or product’s performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

   • Configuration management 
   • Risk management
   • Procurement management
   • Change management

7. Which of the following penetration testing phases involves reconnaissance or data gathering?

   • Attack phase
   • Pre-attack phase 
   • Post-attack phase
   • Out-attack phase

8. Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud? 

   • Data diddling 
   • Wiretapping
   • Eavesdropping
   • Spoofing

9. Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?

   • Cold sites arrangement
   • Business impact analysis
   • Duplicate processing facilities
   • Reciprocal agreements

10. Which of the following is the best method to stop vulnerability attacks on a Web server?

    • Using strong passwords
    • Configuring a firewall
    • Implementing the latest virus scanner
    • Installing service packs and updates

11. Which of the following statements about system hardening are true? Each correct answer represents a complete solution. Choose two.

    • It can be achieved by installing service packs and security updates on a regular basis. 
    • It is used for securing the computer hardware.
    • It can be achieved by locking the computer room.
    • It is used for securing an operating system.

12. You are the project manager of the GHE Project. You have identified the following risks with the characteristics as shown in the following figure:

    

    How much capital should the project set aside for the risk contingency reserve?

    • $142,000
    • $232,000
    • $41,750
    • $23,750

13. SIMULATION

    Fill in the blank with an appropriate phrase.________ models address specifications, requirements, and design, verification and validation, and maintenance activities.

    • Life cycle

14. Walter is the project manager of a large construction project. He’ll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

    • Project contractual relationship with the vendor 
    • Project management plan 
    • Project communications plan
    • Project scope statement

15. Which of the following processes is described in the statement below? “It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project.”

    • Monitor and Control Risks 
    • Identify Risks
    • Perform Qualitative Risk Analysis
    • Perform Quantitative Risk Analysis

16. Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.

    • Editor
    • Custodian 
    • Owner 
    • Security auditor 
    • User

17. Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems?

    • Gramm-Leach-Bliley Act
    • Computer Fraud and Abuse Act 
    • Computer Security Act
    • Digital Millennium Copyright Act

18. Which of the following security models dictates that subjects can only access objects through applications?

    • Biba-Clark model
    • Bell-LaPadula
    • Clark-Wilson 
    • Biba model

19. Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?

    • Emergency-management team
    • Damage-assessment team
    • Off-site storage team
    • Emergency action team

20. Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

    • Managed level
    • Defined level
    • Fundamental level 
    • Repeatable level