CISSP-ISSMP : Information Systems Security Management Professional : Part 10

CISSP-ISSMP : All Parts

CISSP-ISSMP : Information Systems Security Management Professional : All Parts
CISSP-ISSMP Part 01	CISSP-ISSMP Part 04	CISSP-ISSMP Part 07	CISSP-ISSMP Part 10
CISSP-ISSMP Part 02	CISSP-ISSMP Part 05	CISSP-ISSMP Part 08	CISSP-ISSMP Part 11
CISSP-ISSMP Part 03	CISSP-ISSMP Part 06	CISSP-ISSMP Part 09

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.
- Assessing the impact of potential threats
- Identifying the accused
- Finding an economic balance between the impact of the risk and the cost of the countermeasure
- Identifying the risk
You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?
- Identification information for each stakeholder
- Assessment information of the stakeholders’ major requirements, expectations, and potential influence
- Stakeholder classification of their role in the project
- Stakeholder management strategy
Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below: System and data are validated. System meets all user requirements. System meets all control requirements.
- Programming and training
- Evaluation and acceptance
- Definition
- Initiation
SIMULATION

Fill in the blank with an appropriate phrase.______________ is used to provide security mechanisms for the storage, processing, and transfer of data.
- Data classification
Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric’s organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric’s organization liable to pay the ZAS Corporation for the work they have completed so far on the project?
- Yes, the ZAS Corporation did not choose to terminate the contract work.
- It depends on what the outcome of a lawsuit will determine.
- It depends on what the termination clause of the contract stipulates.
- No, the ZAS Corporation did not complete all of the work.
SIMULATION

Fill in the blank with the appropriate phrase. ____________ is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time.
- Configuration status accounting
Which of the following security models focuses on data confidentiality and controlled access to classified information?
- Bell-La Padula model
- Take-Grant model
- Clark-Wilson model
- Biba model
You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making?
- Preparation
- Eradication
- Identification
- Containment
Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery?
- Software team
- Off-site storage team
- Applications team
- Emergency-management team
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
- Disaster recovery plan
- Contingency plan
- Continuity of Operations Plan
- Business continuity plan
SIMULATION

Fill in the blank with an appropriate phrase.___________ is the process of using a strategy and plan of what patches should be applied to which systems at a specified time. Correct
- Patch management
Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
- Patent
- Utility model
- Snooping
- Copyright
James works as a security manager for SoftTech Inc. He has been working on the continuous process improvement and on the ordinal scale for measuring the maturity of the organization involved in the software processes. According to James, which of the following maturity levels of software CMM focuses on the continuous process improvement?
- Repeatable level
- Defined level
- Initiating level
- Optimizing level
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?
- The Service Level Manager
- The Configuration Manager
- The IT Security Manager
- The Change Manager
Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?
- Mobile site
- Warm site
- Cold site
- Hot site
Which of the following is a process of monitoring data packets that travel across a network?
- Password guessing
- Packet sniffing
- Shielding
- Packet filtering
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?
- Cold site
- Off site
- Hot site
- Warm site
Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?
- Initial analysis, request for service, data collection, data reporting, data analysis
- Initial analysis, request for service, data collection, data analysis, data reporting
- Request for service, initial analysis, data collection, data analysis, data reporting
- Request for service, initial analysis, data collection, data reporting, data analysis
Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?
- Direct
- Circumstantial
- Incontrovertible
- Corroborating
Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. Who decides the category of a change?
- The Problem Manager
- The Process Manager
- The Change Manager
- The Service Desk
- The Change Advisory Board

CISSP-ISSMP : All Parts

CISSP-ISSMP : Information Systems Security Management Professional : All Parts
CISSP-ISSMP Part 01	CISSP-ISSMP Part 04	CISSP-ISSMP Part 07	CISSP-ISSMP Part 10
CISSP-ISSMP Part 02	CISSP-ISSMP Part 05	CISSP-ISSMP Part 08	CISSP-ISSMP Part 11
CISSP-ISSMP Part 03	CISSP-ISSMP Part 06	CISSP-ISSMP Part 09

CISSP-ISSMP : Information Systems Security Management Professional : Part 10

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?

Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below: System and data are validated. System meets all user requirements. System meets all control requirements.

SIMULATION

SIMULATION

Which of the following security models focuses on data confidentiality and controlled access to classified information?

Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery?

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

SIMULATION

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?

Which of the following is a process of monitoring data packets that travel across a network?

You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. Who decides the category of a change?