Certified Information Systems Security Management Professional (ISSMP) Sample Questions
Your proficiency in creating, delivering, and managing information security programmes is demonstrated by your holding the ISSMP Certified Information Systems Security Management Professional credential. Your management and leadership abilities are supported by it. In order to meet enterprise financial and operational requirements and support the organization’s desired risk position, ISSMPs direct the alignment of security programmes with those objectives.The article provides a list of Certified Information Systems Security Management Professional (ISSMP) Sample Questions that cover core exam topics including –
- Leadership and Business Management 22%
- Systems Lifecycle Management 19%
- Systems Lifecycle Management 19%
- Threat Intelligence and Incident Management 17%
- Law, Ethics, and Security Compliance Management 14%
Q1)Which of the following areas of management is most concerned with developing and preserving consistency between a system’s or product’s performance and its functional and physical qualities throughout its life in Certified Information Systems Security Management Professional (ISSMP) ?
- A. Configuration management
- B. Risk management
- C. Procurement management
- D. Change management
Correct Answer: A
Q2) Which of the following areas of management is most concerned with developing and preserving consistency between a system’s or product’s performance and its functional and physical qualities throughout its life in Certified Information Systems Security Management Professional (ISSMP) ?
- A. TLS
- B. PGP
- C. S/MIME
- D. IPSec
Correct Answer: BC
Q3) You are employed by Umbrella Inc. as a Senior Marketing Manager. You discover that several of the systems’ software programmes were broken and that you couldn’t access your remote desktop connection. Secondly, you had a sneaking suspicion that the business’s network had been the target of some hostile attack. You summoned the incident response team to resolve the matter right away, and they contacted the network administrator to get all the information they needed about the malfunction.The network administrator let the incident response team know that he was investigating the network’s security, which was the root of all these issues. This was a controlled event rather than an incident, according to the incident response team. The incident response team completed which of the following steps of an incident handling process?
- A. Containment
- B. Eradication
- C. Preparation
- D. Identification
Correct Answer: D
Q4) What procedure is used between businesses when one of them has specialised gear or software that cannot be maintained at a hot or warm site?
- A. Cold sites arrangement
- B. Business impact analysis
- C. Duplicate processing facilities
- D. Reciprocal agreements
Correct Answer: D
Q5) Which of the following fraud attempts includes altering data before or during entry to a computer?
- A. Data diddling
- B. Wiretapping
- C. Eavesdropping
- D. Spoofing
Correct Answer: A
Q6)Which of the following penetration testing stages involves acquiring information through reconnaissance?
- A. Attack phase
- B. Pre-attack phase
- C. Post-attack phase
- D. Out-attack phase
Correct Answer: B
Q7)For SoftTech Inc., Mark manages security. He is taking part in the BIA phase to produce a document that will be utilised to help determine the effects that a disruptive event might have on the company’s operations. The effects could be operational or monetary. Which of the following describes the goals for the phase mentioned above, in which Mark is involved? A piece of the solution is represented by each right response. Pick three.
- A. Resource requirements identification
- B. Criticality prioritization
- C. Down-time estimation
- D. Performing vulnerability assessment
Correct Answer: ABC
Q8)Which of the following recovery plans has specific tactics and procedures to address certain deviations from presumptions leading to a particular security issue, emergency, or state of affairs?
- A. Business continuity plan
- B. Disaster recovery plan
- C. Continuity of Operations Plan
- D. Contingency plan
Correct Answer: D
Q9)Which of the following protocols, in order to guarantee security, is utilised with a tunnelling protocol?
- A. FTP
- B. IPX/SPX
- C. IPSec
- D. EAP
Correct Answer: C
Q10)Which of the following subphases is defined in the life cycle models’ maintenance phase?
- A. Change control
- B. Configuration control
- C. Request control
- D. Release control
Correct Answer: ACD
Q11)Which of the following describes a system that demonstrates the sender of a message actually sent it?
- A. Non-repudiation
- B. Confidentiality
- C. Authentication
- D. Integrity
Correct Answer: A
Q12)Which of the aforementioned traits does the DIAP Information Readiness Assessment function describe? A full solution is represented by each accurate response. Decide which options apply.
- A. It carries out an examination of threats and vulnerabilities.
- B. It locates and creates requirements for IA.
- C. It offers the information required to accurately gauge IA readiness.
- D. It allows for the input and storage of specific system data.
Correct Answer: ABC
Q13)For Web Tech Inc., Joseph is a software developer. He wishes to safeguard the programming approaches and algorithms he employs when creating an application. Which of the following legal provisions is employed to safeguard a piece of software?
- A. Code Security law
- B. Trademark laws
- C. Copyright laws
- D. Patent laws
Correct Answer: D
Q14) Which of the following is the most effective approach to thwart Web server vulnerability attacks?
- A. Creating secure passwords
- B. Setting up a firewall
- C. Using the most recent malware scanner
- D. Putting service packs and updates in place
Correct Answer: D
Q15) Which of the following does the Software Capability Maturity Model (CMM) NOT recognise as a genuine maturity level?
- A. Managed level
- B. Defined level
- C. Fundamental level
- D. Repeatable level
Correct Answer: C
Q16)Which of the following BCP teams responds to the disaster’s immediate consequences as the first responder?
- A. Emergency-management team
- B. Damage-assessment team
- C. Off-site storage team
- D. Emergency action team
Correct Answer: D
Q17)Which security model among the following requires that users only access objects through applications?
- A. Biba-Clark model
- B. Bell-LaPadula
- C. Clark-Wilson
- D. Biba model
Correct Answer: C
Q18)Which of the following uses a user’s physical attributes to confirm his identity?
- A. Social Engineering
- B. Kerberos v5
- C. Biometrics
- D. CHAP
Correct Answer: C
Q19)Which of the aforementioned actions can have their security be audited? A full solution is represented by each accurate response. Pick three.
- A. Data downloading from the Internet
- B. File and object access
- C. Network logons and logoffs
- D. Printer access
Correct Answer: BCD
Q20)You are an administrator of networks for ABC Inc. The business makes use of a safe wifi network. You receive a complaint from John about his computer’s malfunction. What kind of security audit must you perform to fix the issue?
- A. Operational audit
- B. Dependent audit
- C. Non-operational audit
- D. Independent audit
Correct Answer: D