ISC CISSP-ISSMP Practice Test - Questions Answers, Page 13

Which of the following architecturally related vulnerabilities is a hardware or software mechanism, which was installed to permit system maintenance and to bypass the system's security protections?

A. Maintenance hook
B. Lack of parameter checking
C. Time of Check to Time of Use (TOC/TOU) attack
D. Covert channel
Suggested answer: A

You have created a team of HR Managers and Project Managers for Blue Well Inc. The team will concentrate on hiring some new employees for the company and improving the organization's overall security by turning employees among numerous job positions. Which of the following steps will you perform to accomplish the task?

A. Job rotation
B. Job responsibility
C. Screening candidates
D. Separation of duties
Suggested answer: A

Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identifies the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

A. Quantitative analysis
B. Contingency reserve
C. Risk response
D. Risk response plan
Suggested answer: B

Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?

A. Data custodian
B. Auditor
C. User
D. Data owner
Suggested answer: B

Which of the following are the process steps of OPSEC? Each correct answer represents a part of the solution. Choose all that apply.

A. Analysis of Vulnerabilities
B. Display of associated vulnerability components
C. Assessment of Risk
D. Identification of Critical Information
Suggested answer: A, C, D

You work as a project manager for SoftTech Inc. A threat with a dollar value of $150,000 is expected to happen in your project and the frequency of threat occurrence per year is 0.001. What will be the annualized loss expectancy in your project?

A. $180.25
B. $150
C. $100
D. $120
Suggested answer: B

Which of the following are the responsibilities of the owner with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

A. Determining what level of classification the information requires.
B. Delegating the responsibility of the data protection duties to a custodian.
C. Reviewing the classification assignments at regular time intervals and making changes as the business needs change.
D. Running regular backups and routinely testing the validity of the backup data.
Suggested answer: A, B, C

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

A. Implement separation of duties.
B. Implement RBAC.
C. Implement three way authentication.
D. Implement least privileges.
Suggested answer: A

Which of the following statements is true about auditing?

A. It is used to protect the network against virus attacks.
B. It is used to track user accounts for file and object access, logon attempts, etc.
C. It is used to secure the network or the computers on the network.
D. It is used to prevent unauthorized access to network resources.
Suggested answer: B

SIMULATION

Fill in the blank with an appropriate phrase. _______ is a branch of forensic science pertaining to legal evidence found in computers and digital storage media.

A. Computer forensics
Suggested answer: A
Total 218 questions