CISSP-ISSMP Exam Training Practice Tests (ISC CISSP-ISSMP - Information Systems Security Management Professional)]

Question 1

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

A. Stakeholder management strategy B. Lessons learned documentation C. Risk register D. Risk management plan

Correct Answer: C

Question 2

Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

A. Plan approval and implementation B. Scope and plan initiation C. Business continuity plan development D. Business impact assessment

Correct Answer: C

Question 3

You are documenting your organization's change control procedures for project management. What portion of the change control process oversees features and functions of the product scope?

A. Configuration management B. Scope changecontrol system C. Product scope management is outside the concerns of the project. D. Project integration management

Correct Answer: A

Question 4

In which of the following contract types, the seller is reimbursed for all allowable costs for performing the contract work and receives a fixed fee payment which is calculated as a percentage of the initial estimated project costs?

A. Cost Plus Incentive Fee Contracts B. Cost Plus Fixed Fee Contracts C. Firm Fixed Price Contracts D. Fixed Price Incentive Fee Contracts

Correct Answer: B

Question 5

Which of the following authentication protocols provides support for a wide range of authentication methods, such as smart cards and certificates?

A. MS-CHAP v2 B. EAP C. CHAP D. PAP

Correct Answer: B

Question 6

Which of the following architecturally related vulnerabilities is a hardware or software mechanism, which was installed to permit system maintenance and to bypass the system's security protections?

A. Covert channel B. Lack of parameter checking C. Time of Check to Time of Use (TOC/TOU) attack D. Maintenance hook

Correct Answer: D

Question 7

Tomas is the project manager of the QWS Project and is worried that the project stakeholders will want to change the project scope frequently. His fear is based on the many open issues in the project and how the resolution of the issues may lead to additional project changes. On what document are Tomas and the stakeholders working in this scenario?

A. Issue log B. Communications management plan C. Change management plan D. Risk management plan

Correct Answer: C

Question 8

Which of the following is a variant with regard to Configuration Management?

A. A CI that particularly refers to a hardware specification. B. A CI thathas the same name as another CI but shares no relationship. C. A CI that has the same essential functionality as another CI but a bit different in some small manner. D. A CI that particularly refers to a software version.

Correct Answer: C

Question 9

Which of the following statements is true about auditing?

A. It is used to protect the network against virus attacks. B. It is used to secure the network or the computers on the network. C. It is used to track user accounts for file and object access, logon attempts, etc. D. It is used to prevent unauthorized access to network resources.

Correct Answer: C

Question 10

What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.

A. Troubleshooting B. Investigation C. Backup D. Upgradation

Correct Answer: A,B

Question 11

Fill in the blank with an appropriate phrase.________ models address specifications, requirements, and design, verification and validation, and maintenance activities.

A. Life cycle

Correct Answer: A

Question 12

Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

A. The IT Security Manager B. The Service Level Manager C. The Configuration Manager D. The Change Manager

Correct Answer: A

ISC CISSP-ISSMP - Information Systems Security Management Professional - CISSP-ISSMP Exam Practice Test