CISSP-ISSMP Topic 2
QUESTION NO: 45
Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose threE.
A. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
B. It determines the actions and behaviors of a single individual within a system
C. It ensures that modifications are not made to data by unauthorized personnel or processes.
D. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.
Answer: A,C,D
Explanation:
QUESTION NO: 46
Which of the following contract types is described in the statement below? “This contract type provides no incentive for the contractor to control costs and hence is rarely utilized.”
A. Cost Plus Fixed Fee
B. Cost Plus Percentage of Cost
C. Cost Plus Incentive Fee
D. Cost Plus Award Fee
Answer: B
Explanation:
QUESTION NO: 47
Ned is the program manager for his organization and he’s considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demon, and even some samples. What type of a document should Ned send to the vendor?
A. IFB
B. RFQ
C. RFP
D. RFI
Answer: D
Explanation:
QUESTION NO: 48
Against which of the following does SSH provide protection? Each correct answer represents a complete solution. Choose two.
A. IP spoofing
B. Broadcast storm
C. Password sniffing
D. DoS attack
Answer: A,C
Explanation:
QUESTION NO: 49
What is a stakeholder analysis chart?
A. It is a matrix that documents stakeholders’ threats, perceived threats, and communication needs.
B. It is a matrix that identifies all of the stakeholders and to whom they must report to.
C. It is a matrix that documents the stakeholders’ requirements, when the requirements were created, and when the fulfillment of the requirements took place..
D. It is a matrix that identifies who must communicate with whom.
Answer: A
Explanation:
QUESTION NO: 50
Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?
A. Disaster Recovery Plan
B. Continuity of Operations Plan
C. Contingency Plan
D. Business Continuity Plan
Answer: D
Explanation:
QUESTION NO: 51
You are a project manager of a large construction project. Within the project you are working with several vendors to complete different phases of the construction. Your client has asked that you arrange for some of the materials a vendor is to install next week in the project to be changed. According to the change management plan what subsystem will need to manage this change request?
A. Cost
B. Resources
C. Contract
D. Schedule
Answer: C
Explanation:
QUESTION NO: 52
Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?
A. The Configuration Manager
B. The Supplier Manager
C. The Service Catalogue Manager
D. The IT Service Continuity Manager
Answer: B
Explanation:
QUESTION NO: 53
In which of the following SDLC phases is the system’s security features configured and enabled, the system is tested and installed or fielded, and the system is authorized for processing?
A. Initiation Phase
B. Development/Acquisition Phase
C. Implementation Phase
D. Operation/Maintenance Phase
Answer: C
Explanation:
QUESTION NO: 54
Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?
A. Malicious Communications Act (1998)
B. Anti-Cyber-Stalking law (1999)
C. Stalking Amendment Act (1999)
D. Stalking by Electronic Communications Act (2001)
Answer: C
Explanation:
QUESTION NO: 55
Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?
A. CSIRT
B. CERT
C. FIRST
D. FedCIRC
Answer: C
Explanation:
QUESTION NO: 56
Which of the following statements is related with the first law of OPSEC?
A. If you are not protecting it (the critical and sensitive information), the adversary wins!
B. If you don’t know what to protect, how do you know you are protecting it?
C. If you don’t know about your security resources you could not protect your network.
D. If you don’t know the threat, how do you know what to protect?
Answer: D
Explanation:
QUESTION NO: 57
Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. Who decides the category of a change?
A. The Problem Manager
B. The Process Manager
C. The Change Manager
D. The Service Desk
E. The Change Advisory Board
Answer: C
Explanation:
QUESTION NO: 58
Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?
A. Direct
B. Circumstantial
C. Incontrovertible
D. Corroborating
Answer: B
Explanation:
QUESTION NO: 59
Which of the following Acts enacted in United States amends Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination and to bring age discrimination claims?
A. PROTECT Act
B. Sexual Predators Act
C. Civil Rights Act of 1991
D. The USA Patriot Act of 2001
Answer: C
Explanation:
QUESTION NO: 60
Which of the following policies helps reduce the potential damage from the actions of one person?
A. CSA
B. Risk assessment
C. Separation of duties
D. Internal audit
Answer: C
Explanation:
QUESTION NO: 61
The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes. Which of the following are Change Management terminologies? Each correct answer represents a part of the solution. Choose threE.
A. Request for Change
B. Service Request Management
C. Change
D. Forward Schedule of Changes
Answer: A,C,D
Explanation:
QUESTION NO: 62
Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?
A. Initial analysis, request for service, data collection, data reporting, data analysis
B. Initial analysis, request for service, data collection, data analysis, data reporting
C. Request for service, initial analysis, data collection, data analysis, data reporting
D. Request for service, initial analysis, data collection, data reporting, data analysis
Answer: C
Explanation:
QUESTION NO: 63
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?
A. The Service Level Manager
B. The Configuration Manager
C. The IT Security Manager
D. The Change Manager
Answer: C
Explanation:
QUESTION NO: 64
James works as a security manager for SoftTech Inc. He has been working on the continuous process improvement and on the ordinal scale for measuring the maturity of the organization involved in the software processes. According to James, which of the following maturity levels of software CMM focuses on continuous process improvement?
A. Repeatable level
B. Defined level
C. Initiating level
D. Optimizing level
Answer: D
Explanation:
QUESTION NO: 65
Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
A. Patent
B. Utility model
C. Snooping
D. Copyright
Answer: A
Explanation:
QUESTION NO: 66
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?
A. Cold site
B. Off site
C. Hot site
D. Warm site
Answer: A
Explanation:
QUESTION NO: 67
Which of the following is a process of monitoring data packets that travel across a network?
A. Password guessing
B. Packet sniffing
C. Shielding
D. Packet filtering
Answer: B
Explanation:
QUESTION NO: 68
Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?
A. Mobile site
B. Warm site
C. Cold site
D. Hot site
Answer: B
Explanation:
QUESTION NO: 69
You are documenting your organization’s change control procedures for project management.
What portion of the change control process oversees features and functions of the product scope?
A. Configuration management
B. Product scope management is outside the concerns of the project.
C. Scope change control system
D. Project integration management
Answer: A
Explanation:
QUESTION NO: 70
Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?
A. Spam
B. Patent
C. Artistic license
D. Phishing
Answer: B
Explanation:
QUESTION NO: 71
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
A. Assuring the integrity of organizational data
B. Building Risk free systems
C. Risk control
D. Risk identification
Answer: C,D
Explanation:
QUESTION NO: 72
Which of the following statements best describes the consequences of the disaster recovery plan test?
A. If no deficiencies were found during the test, then the test was probably flawed.
B. The plan should not be changed no matter what the results of the test would be.
C. The results of the test should be kept secret.
D. If no deficiencies were found during the test, then the plan is probably perfect.
Answer: A
Explanation:
QUESTION NO: 73
Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP) ?
A. UDP port 161
B. TCP port 443
C. TCP port 110
D. UDP port 1701
Answer: D
Explanation:
QUESTION NO: 74
Which of the following statements reflect the ‘Code of Ethics Canons’ in the ‘(ISC)2 Code of
Ethics’? Each correct answer represents a complete solution. Choose all that apply.
A. Provide diligent and competent service to principals.
B. Protect society, the commonwealth, and the infrastructure.
C. Give guidance for resolving good versus good and bad versus bad dilemmas.
D. Act honorably, honestly, justly, responsibly, and legally.
Answer: A,B,D
Explanation:
QUESTION NO: 75
Which of the following issues are addressed by the change control phase in the maintenance phase of the life cycle models? Each correct answer represents a complete solution. Choose all that apply.
A. Performing quality control
B. Recreating and analyzing the problem
C. Developing the changes and corresponding tests
D. Establishing the priorities of requests
Answer: A,B,C
Explanation:
QUESTION NO: 76
Which of the following statements about Due Care policy is true?
A. It is a method used to authenticate users on a network.
B. It is a method for securing database servers.
C. It identifies the level of confidentiality of information.
D. It provides information about new viruses.
Answer: C
Explanation:
QUESTION NO: 77
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?
A. Configuration Verification and Auditing
B. Configuration Item Costing
C. Configuration Identification
D. Configuration Status Accounting
Answer: B
Explanation:
QUESTION NO: 78
What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.
A. Maintain and Monitor
B. Organization Vulnerability
C. Define Policy
D. Baseline the Environment
Answer: A,C,D
Explanation:
QUESTION NO: 79
Which of the following is a documentation of guidelines that are used to create archival copies of important data?
A. User policy
B. Security policy
C. Audit policy
D. Backup policy
Answer: D
Explanation:
QUESTION NO: 80
Which of the following deals is a binding agreement between two or more persons that is enforceable by law?
A. Outsource
B. Proposal
C. Contract
D. Service level agreement
Answer: C
Explanation:
QUESTION NO: 81
Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
A. Safeguard
B. Single Loss Expectancy (SLE)
C. Exposure Factor (EF)
D. Annualized Rate of Occurrence (ARO)
Answer: D
Explanation:
QUESTION NO: 82
Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?
A. SLA
B. NDA
C. Non-price competition
D. CNC
Answer: B
Explanation:
QUESTION NO: 83
Which of the following sections come under the ISO/IEC 27002 standard?
A. Financial assessment
B. Asset management
C. Security policy
D. Risk assessment
Answer: B,C,D
Explanation:
QUESTION NO: 84
Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?
A. 18 U.S.C. 1362
B. 18 U.S.C. 1030
C. 18 U.S.C. 1029
D. 18 U.S.C. 2701
E. 18 U.S.C. 2510
Answer: A
Explanation:
QUESTION NO: 85
Which of the following access control models uses a predefined set of access privileges for an object of a system?
A. Role-Based Access Control
B. Mandatory Access Control
C. Policy Access Control
D. Discretionary Access Control
Answer: B
Explanation:
QUESTION NO: 86
Which of the following statements about the availability concept of Information security management is true?
A. It determines actions and behaviors of a single individual within a system.
B. It ensures reliable and timely access to resources.
C. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
D. It ensures that modifications are not made to data by unauthorized personnel or processes.
Answer: B
Explanation:
QUESTION NO: 87
Which of the following is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems?
A. IDS
B. OPSEC
C. HIDS
D. NIDS
Answer: B
Explanation:
QUESTION NO: 88
Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials?
A. Separation of Duties
B. Due Care
C. Acceptable Use
D. Need to Know
Answer: D
Explanation:
QUESTION NO: 89
Which of the following processes will you involve to perform the active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures?
A. Penetration testing
B. Risk analysis
C. Baselining
D. Compliance checking
Answer: A
Explanation:
QUESTION NO: 90
Which of the following are the levels of the military data classification system? Each correct answer represents a complete solution. Choose all that apply.
A. Sensitive
B. Top Secret
C. Confidential
D. Secret
E. Unclassified
F. Public
Answer: A,B,C,D,E
Explanation:
