ISSMP®: Information Systems Security Management Professional v6.0

Page:    1 / 15   
Exam contains 221 questions

Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar on sexual harassment in the workplace. Peter started with the definition and types of sexual harassment. He then wants to convey that records of sexual harassment incidents should be maintained, because such records support any subsequent legal prosecution. Which of the following data should be recorded in this documentation? Each correct answer represents a complete solution. Choose all that apply.

  • A. Names of the victims
  • B. Location of each incident
  • C. Nature of harassment
  • D. Date and time of incident

Answer : A,B,D

Which of the following types of evidence is considered as the best evidence?

  • A. A copy of the original document
  • B. Information gathered through the witness's senses
  • C. The original document
  • D. A computer-generated record

Answer : C

What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.

  • A. Troubleshooting
  • B. Investigation
  • C. Upgradation
  • D. Backup

Answer : A,B

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

  • A. SSAA
  • C. FIPS
  • D. TCSEC

Answer : A

Which of the following analyses provides a foundation for measuring the investment of time, money, and human resources required to achieve a particular outcome?

  • A. Vulnerability analysis
  • B. Cost-benefit analysis
  • C. Gap analysis
  • D. Requirement analysis

Answer : C

A contract cannot have provisions for which one of the following?

  • A. Subcontracting the work
  • B. Penalties and fines for disclosure of intellectual rights
  • C. A deadline for the completion of the work
  • D. Illegal activities

Answer : D

Your company is covered under a liability insurance policy that provides various liability coverage for information security risks, including physical damage to assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

  • A. Risk mitigation
  • B. Risk transfer
  • C. Risk acceptance
  • D. Risk avoidance

Answer : B

You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. One of the employees of your organization asks you the purpose of the security awareness, training and education program. What will be your answer?

  • A. It improves the possibility for career advancement of the IT staff.
  • B. It improves the security of vendor relations.
  • C. It improves the performance of a company's intranet.
  • D. It improves awareness of the need to protect system resources.

Answer : D

You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What is this called?

  • A. Availability
  • B. Encryption
  • C. Integrity
  • D. Confidentiality

Answer : D

What component of the change management system is responsible for evaluating, testing, and documenting changes made to the project scope?

  • A. Scope Verification
  • B. Project Management Information System
  • C. Integrated Change Control
  • D. Configuration Management System

Answer : D

Electronic communication technology refers to technology devices, such as computers and cell phones, used to facilitate communication. Which of the following is/are a type of electronic communication? Each correct answer represents a complete solution. Choose all that apply.

  • A. Internet telephony
  • B. Instant messaging
  • C. Electronic mail
  • D. Post-it note
  • E. Blogs
  • F. Internet teleconferencing

Answer : A,B,C,E,F

You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

  • A. Mitigation
  • B. Sharing
  • C. Acceptance
  • D. Transference

Answer : B

Which of the following acts is a specialized privacy bill that affects any educational institution that accepts any form of funding from the federal government?

  • A. HIPAA
  • B. COPPA
  • C. FERPA
  • D. GLBA

Answer : C

Which of the following steps is the initial step in developing an information security strategy?

  • A. Perform a technical vulnerabilities assessment.
  • B. Assess the current levels of security awareness.
  • C. Perform a business impact analysis.
  • D. Analyze the current business strategy.

Answer : D

Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

  • A. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
  • B. It determines the actions and behaviors of a single individual within a system.
  • C. It ensures that modifications are not made to data by unauthorized personnel or processes.
  • D. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.

Answer : A,C,D
