CISSP-ISSMP : Information Systems Security Management Professional : Part 09

CISSP-ISSMP : All Parts

CISSP-ISSMP : Information Systems Security Management Professional : All Parts
CISSP-ISSMP Part 01	CISSP-ISSMP Part 04	CISSP-ISSMP Part 07	CISSP-ISSMP Part 10
CISSP-ISSMP Part 02	CISSP-ISSMP Part 05	CISSP-ISSMP Part 08	CISSP-ISSMP Part 11
CISSP-ISSMP Part 03	CISSP-ISSMP Part 06	CISSP-ISSMP Part 09

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?
- Operational audit
- Dependent audit
- Non-operational audit
- Independent audit
Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.
- Data downloading from the Internet
- File and object access
- Network logons and logoffs
- Printer access
Which of the following relies on a physical characteristic of the user to verify his identity?
- Social Engineering
- Kerberos v5
- Biometrics
- CHAP
Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?
- CSIRT
- CERT
- FIRST
- FedCIRC
Which of the following needs to be documented to preserve evidences for presentation in court?
- Separation of duties
- Account lockout policy
- Incident response policy
- Chain of custody
Which of the following tools works by using standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?
- Device Seizure
- Ontrack
- DriveSpy
- Forensic Sorter
Which of the following are the levels of military data classification system? Each correct answer represents a complete solution. Choose all that apply.
- Sensitive
- Top Secret
- Confidential
- Secret
- Unclassified
- Public
Which of the following security models deal only with integrity? Each correct answer represents a complete solution. Choose two.
- Biba-Wilson
- Clark-Wilson
- Bell-LaPadula
- Biba
Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?
- The Fair Credit Reporting Act (FCRA)
- The Privacy Act
- The Electronic Communications Privacy Act
- The Equal Credit Opportunity Act (ECOA)
Which of the following statements best explains how encryption works on the Internet?
- Encryption encodes information using specific algorithms with a string of numbers known as a key.
- Encryption validates a username and password before sending information to the Web server.
- Encryption allows authorized users to access Web sites that offer online shopping.
- Encryption helps in transaction processing by e-commerce servers on the Internet.
Which of the following processes will you involve to perform the active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures?
- Penetration testing
- Risk analysis
- Baselining
- Compliance checking
Which of the following access control models uses a predefined set of access privileges for an object of a system?
- Role-Based Access Control
- Mandatory Access Control
- Policy Access Control
- Discretionary Access Control
Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?
- 18 U.S.C. 1362
- 18 U.S.C. 1030
- 18 U.S.C. 1029
- 18 U.S.C. 2701
- 18 U.S.C. 2510
Which of the following sections come under the ISO/IEC 27002 standard?
- Financial assessment
- Asset management
- Security policy
- Risk assessment
Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials?
- Separation of Duties
- Due Care
- Acceptable Use
- Need to Know
Which of the following is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems?
- IDS
- OPSEC
- HIDS
- NIDS
Which of the following statements about the availability concept of Information security management is true?
- It determines actions and behaviors of a single individual within a system.
- It ensures reliable and timely access to resources.
- It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
- It ensures that modifications are not made to data by unauthorized personnel or processes.
Rick is the project manager for TTM project. He is in the process of procuring services from vendors. He makes a contract with a vendor in which he precisely specify the services to be procured, and any changes to the procurement specification will increase the costs to the buyer. Which type of contract is this?
- Firm Fixed Price
- Fixed Price Incentive Fee
- Cost Plus Fixed Fee Contract
- Fixed Price with Economic Price Adjustment
Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question? Each correct answer represents a part of the solution. Choose three.
- Protect an organization from major computer services failure.
- Minimize the risk to the organization from delays in providing services.
- Guarantee the reliability of standby systems through testing and simulation.
- Maximize the decision-making required by personnel during a disaster.
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
- Quantitative risk analysis
- Qualitative risk analysis
- Requested changes
- Risk audits

CISSP-ISSMP : All Parts

CISSP-ISSMP : Information Systems Security Management Professional : All Parts
CISSP-ISSMP Part 01	CISSP-ISSMP Part 04	CISSP-ISSMP Part 07	CISSP-ISSMP Part 10
CISSP-ISSMP Part 02	CISSP-ISSMP Part 05	CISSP-ISSMP Part 08	CISSP-ISSMP Part 11
CISSP-ISSMP Part 03	CISSP-ISSMP Part 06	CISSP-ISSMP Part 09

CISSP-ISSMP : Information Systems Security Management Professional : Part 09

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

Which of the following relies on a physical characteristic of the user to verify his identity?

Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?

Which of the following needs to be documented to preserve evidences for presentation in court?

Which of the following tools works by using standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?

Which of the following are the levels of military data classification system? Each correct answer represents a complete solution. Choose all that apply.

Which of the following security models deal only with integrity? Each correct answer represents a complete solution. Choose two.

Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?

Which of the following statements best explains how encryption works on the Internet?

Which of the following access control models uses a predefined set of access privileges for an object of a system?

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

Which of the following sections come under the ISO/IEC 27002 standard?

Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials?

Which of the following is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems?

Which of the following statements about the availability concept of Information security management is true?

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?