ISSMP®: Information Systems Security Management Professional v6.0

Page:    1 / 15   
Exam contains 218 questions

You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer?

  • A. Cost plus incentive fee
  • B. Fixed fee
  • C. Cost plus percentage of costs
  • D. Time and materials


Answer : C

Which of the following anti-child pornography organizations helps local communities to create programs and develop strategies to investigate child exploitation?

  • A. Internet Crimes Against Children (ICAC)
  • B. Project Safe Childhood (PSC)
  • C. Anti-Child Porn.org
  • D. Innocent Images National Initiative (IINI)


Answer : B

In which of the following contract types is the seller reimbursed for all allowable costs of performing the contract work and also paid a fixed fee calculated as a percentage of the initial estimated project costs?

  • A. Firm Fixed Price Contracts
  • B. Cost Plus Fixed Fee Contracts
  • C. Fixed Price Incentive Fee Contracts
  • D. Cost Plus Incentive Fee Contracts


Answer : B

Which of the following acts is a specialized privacy law that affects any educational institution that accepts any form of funding from the federal government?

  • A. HIPAA
  • B. COPPA
  • C. FERPA
  • D. GLBA


Answer : C

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

  • A. Data diddling
  • B. Wiretapping
  • C. Eavesdropping
  • D. Spoofing


Answer : A

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

  • A. Patent
  • B. Utility model
  • C. Snooping
  • D. Copyright


Answer : A

Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives related to the above phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three.

  • A. Resource requirements identification
  • B. Criticality prioritization
  • C. Down-time estimation
  • D. Performing vulnerability assessment


Answer : A,B,C

Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

  • A. Data downloading from the Internet
  • B. File and object access
  • C. Network logons and logoffs
  • D. Printer access


Answer : B,C,D

Which of the following sites is similar to a hot site facility, with the exception that it is a completely dedicated, self-developed recovery facility?

  • A. Cold sites
  • B. Orange sites
  • C. Warm sites
  • D. Duplicate processing facilities


Answer : D

Which of the following rated systems of the Orange Book has mandatory protection of the TCB?

  • A. B-rated
  • B. C-rated
  • C. D-rated
  • D. A-rated


Answer : A

Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

  • A. Business continuity plan
  • B. Crisis communication plan
  • C. Contingency plan
  • D. Disaster recovery plan


Answer : A

Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?

  • A. Senior Management
  • B. Business Unit Manager
  • C. Information Security Steering Committee
  • D. Chief Information Security Officer


Answer : A

Which of the following are examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.

  • A. Security awareness training
  • B. Security policy
  • C. Data Backup
  • D. Auditing


Answer : A,B

Which of the following authentication protocols provides support for a wide range of authentication methods, such as smart cards and certificates?

  • A. PAP
  • B. EAP
  • C. MS-CHAP v2
  • D. CHAP


Answer : B

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

  • A. Implement separation of duties.
  • B. Implement RBAC.
  • C. Implement three way authentication.
  • D. Implement least privileges.


Answer : A
