ISSMP Online Practice Questions and Answers

You work as a Product manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to efficiently manage the procedures of the project. What will be the benefits of employing configuration management for completing this project? Each correct answer represents a complete solution. Choose all that apply.

A. It provides object, orient, decide and act strategy.

B. It provides a live documentation of the project.

C. It provides the risk analysis of project configurations.

D. It provides the versions for network devices.

Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

A. It uses TCP port 80 as the default port.

B. It is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site.

C. It uses TCP port 443 as the default port.

D. It is a protocol used to provide security for a database server in an internal network.

John is a black hat hacker. FBI arrested him while performing some email scams. Under which of the following US laws will john be charged?

A. 18 U.S.C. 1362

B. 18 U.S.C. 1030

C. 18 U.S.C. 2701

D. 18 U.S.C. 2510

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

A. NSA-IAM

B. DITSCAP

C. ASSET

D. NIACAP

Which of the following penetration testing phases involves reconnaissance or data gathering?

A. Attack phase

B. Pre-attack phase

C. Post-attack phase

D. Out-attack phase

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

A. Business continuity plan

B. Disaster recovery plan

C. Continuity of Operations Plan

D. Contingency plan

Which of the following issues are addressed by the change control phase in the maintenance phase of the life cycle models? Each correct answer represents a complete solution. Choose all that apply.

A. Performing quality control

B. Recreating and analyzing the problem

C. Developing the changes and corresponding tests

D. Establishing the priorities of requests

Which of the following is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems?

A. IDS

B. OPSEC

C. HIDS

D. NIDS

Which of the following needs to be documented to preserve evidences for presentation in court?

A. Separation of duties

B. Account lockout policy

C. Incident response policy

D. Chain of custody

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

A. Quantitative risk analysis

B. Qualitative risk analysis

C. Requested changes

D. Risk audits