CISSP-ISSMP Information Systems Security Management Professional Actual Exam
QUESTION NO: 61
The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes. Which of the following are Change Management terminologies? Each correct answer represents a part of the solution. Choose three.
A. Request for Change
B. Service Request Management
D. Forward Schedule of Changes
QUESTION NO: 62
Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?
A. Initial analysis, request for service, data collection, data reporting, data analysis
B. Initial analysis, request for service, data collection, data analysis, data reporting
C. Request for service, initial analysis, data collection, data analysis, data reporting
D. Request for service, initial analysis, data collection, data reporting, data analysis
QUESTION NO: 63
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?
A. The Service Level Manager
B. The Configuration Manager
C. The IT Security Manager
D. The Change Manager
QUESTION NO: 64
James works as a security manager for SoftTech Inc. He has been working on the continuous process improvement and on the ordinal scale for measuring the maturity of the organization involved in the software processes. According to James, which of the following maturity levels of software CMM focuses on continuous process improvement?
A. Repeatable level
B. Defined level
C. Initiating level
D. Optimizing level
QUESTION NO: 65
Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
B. Utility model
QUESTION NO: 66
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?
A. Cold site
B. Off site
C. Hot site
D. Warm site
QUESTION NO: 67
Which of the following is a process of monitoring data packets that travel across a network?
A. Password guessing
B. Packet sniffing
D. Packet filtering
QUESTION NO: 68
Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?
A. Mobile site
B. Warm site
C. Cold site
D. Hot site
QUESTION NO: 69
You are documenting your organization’s change control procedures for project management.
What portion of the change control process oversees features and functions of the product scope?
A. Configuration management
B. Product scope management is outside the concerns of the project.
C. Scope change control system
D. Project integration management
QUESTION NO: 70
Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?
C. Artistic license
QUESTION NO: 71
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
A. Assuring the integrity of organizational data
B. Building risk-free systems
C. Risk control
D. Risk identification
QUESTION NO: 72
Which of the following statements best describes the consequences of the disaster recovery plan test?
A. If no deficiencies were found during the test, then the test was probably flawed.
B. The plan should not be changed no matter what the results of the test would be.
C. The results of the test should be kept secret.
D. If no deficiencies were found during the test, then the plan is probably perfect.
QUESTION NO: 73
Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?
A. UDP port 161
B. TCP port 443
C. TCP port 110
D. UDP port 1701
QUESTION NO: 74
Which of the following statements reflect the ‘Code of Ethics Canons’ in the ‘(ISC)2 Code of Ethics’? Each correct answer represents a complete solution. Choose all that apply.
A. Provide diligent and competent service to principals.
B. Protect society, the commonwealth, and the infrastructure.
C. Give guidance for resolving good versus good and bad versus bad dilemmas.
D. Act honorably, honestly, justly, responsibly, and legally.
QUESTION NO: 75
Which of the following issues are addressed by the change control phase in the maintenance phase of the life cycle models? Each correct answer represents a complete solution. Choose all that apply.
A. Performing quality control
B. Recreating and analyzing the problem
C. Developing the changes and corresponding tests
D. Establishing the priorities of requests
QUESTION NO: 76
Which of the following statements about Due Care policy is true?
A. It is a method used to authenticate users on a network.
B. It is a method for securing database servers.
C. It identifies the level of confidentiality of information.
D. It provides information about new viruses.
QUESTION NO: 77
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?
A. Configuration Verification and Auditing
B. Configuration Item Costing
C. Configuration Identification
D. Configuration Status Accounting
QUESTION NO: 78
What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.
A. Maintain and Monitor
B. Organization Vulnerability
C. Define Policy
D. Baseline the Environment
QUESTION NO: 79
Which of the following is a documentation of guidelines that are used to create archival copies of important data?
A. User policy
B. Security policy
C. Audit policy
D. Backup policy
QUESTION NO: 80
Which of the following is a binding agreement between two or more persons that is enforceable by law?
D. Service level agreement
QUESTION NO: 81
Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
B. Single Loss Expectancy (SLE)
C. Exposure Factor (EF)
D. Annualized Rate of Occurrence (ARO)
QUESTION NO: 82
Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?
C. Non-price competition
QUESTION NO: 83
Which of the following sections come under the ISO/IEC 27002 standard?
A. Financial assessment
B. Asset management
C. Security policy
D. Risk assessment
QUESTION NO: 84
Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?
A. 18 U.S.C. 1362
B. 18 U.S.C. 1030
C. 18 U.S.C. 1029
D. 18 U.S.C. 2701
E. 18 U.S.C. 2510
QUESTION NO: 85
Which of the following access control models uses a predefined set of access privileges for an object of a system?
A. Role-Based Access Control
B. Mandatory Access Control
C. Policy Access Control
D. Discretionary Access Control
QUESTION NO: 86
Which of the following statements about the availability concept of Information security management is true?
A. It determines actions and behaviors of a single individual within a system.
B. It ensures reliable and timely access to resources.
C. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
D. It ensures that modifications are not made to data by unauthorized personnel or processes.
QUESTION NO: 87
Which of the following is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems?
QUESTION NO: 88
Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials?
A. Separation of Duties
B. Due Care
C. Acceptable Use
D. Need to Know
QUESTION NO: 89
Which of the following processes would you use to perform an active analysis of a system for potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures?
A. Penetration testing
B. Risk analysis
D. Compliance checking
QUESTION NO: 90
Which of the following are the levels of the military data classification system? Each correct answer represents a complete solution. Choose all that apply.
B. Top Secret