ISSMP Exam Questions - Pass ISSMP Quickly


Questions And Answers PDF

ISC2 ISSMP CISSP Information Systems Security Management Professional

Version: DEMO

http://www.TestWarrior.com/ISSMP-practice-exam.html

FOR ISSMP Candidates: We offer two products: 1st - Practice Tests Software with actual exam questions; 2nd - Questions and Answers in PDF format. Try a free DEMO of these exam products via the link below:

http://www.TestWarrior.com/ISSMP-practice-exam.html

TestWarrior.com


Question 1
Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?
A. Configuration management
B. Risk management
C. Procurement management
D. Change management

Answer: A
Explanation: Configuration management is a field of management that focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life. A Configuration Management System is a subsystem of the overall project management system. It is a collection of formal documented procedures used to identify and document the functional and physical characteristics of a product, result, service, or component of the project. It also controls any changes to such characteristics, and records and reports each change and its implementation status. It includes the documentation, tracking systems, and defined approval levels necessary for authorizing and controlling changes. Audits are performed as part of configuration management to determine if the requirements have been met.

Answer option C is incorrect. The procurement management plan defines more than just the procurement of team members, if needed. It defines how procurements will be planned and executed, and how the organization and the vendor will fulfill the terms of the contract.

Answer option B is incorrect. Risk Management is used to identify, assess, and control risks. It includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.

Answer option D is incorrect. Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes.

Question 2
Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.
A. TLS
B. PGP
C. S/MIME
D. IPSec

Answer: B, C
Explanation: Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME) are two ways of sending secure e-mail messages over the Internet. Both use public key cryptography, where users each possess two keys, a public key for encrypting, and a private key for decrypting messages. Because PGP has evolved from a free distribution, it is more popular than S/MIME.

Answer option A is incorrect. Transport Layer Security (TLS) is an application layer protocol that uses a combination of public and symmetric key processing to encrypt data.

Answer option D is incorrect. Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password. IPSec cannot be used with Point-to-Point Tunneling Protocol (PPTP).

Reference: TechNet, Contents: "Ask Us About... Security, October 2000"

Question 3
You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation, who asked the Network Administrator to gather all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team announced that this was a controlled event, not an incident. Which of the following steps of an incident handling process was performed by the incident response team?
A. Containment
B. Eradication
C. Preparation
D. Identification

Answer: D
Explanation: According to the question, the incident response team announced that this was a controlled event, not an incident. The incident response team performed the identification step to rectify the incident. Identification is the first post-attack step in the incident handling process. In this phase of the incident handling process, the Incident Handler determines whether the incident exists or not. An incident is described as an event in a system or network that poses a threat to the environment. Identification of an incident becomes more difficult with the increase in the complexity of the attack. The Incident Handler should gather all facts and make decisions on the basis of those facts. The Incident Handler needs to identify the following characteristics of an attack before it can be properly processed.

Question 4
Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?
A. Cold sites arrangement
B. Business impact analysis
C. Duplicate processing facilities
D. Reciprocal agreements


Answer: D
Explanation: Reciprocal agreements are arrangements between two or more organizations with similar equipment and applications. According to this agreement, organizations provide computer time to each other in the case of an emergency. These types of agreements are commonly made between organizations that have unique hardware or software that cannot be maintained at a hot or warm site.

Answer option B is incorrect. A business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies those threats that can impact the business continuity of operations. Such threats can be either natural or man-made. The BIA team should have a clear understanding of the organization, key business processes, and IT resources for assessing the risks associated with continuity. The BIA team should include senior management, IT personnel, and end users to identify all resources that are to be used during normal operations.

Answer option C is incorrect. Duplicate processing facilities work in the same manner as hot site facilities, with the exception that they are completely dedicated, self-developed recovery facilities. The duplicate facility holds the same equipment, operating systems, and applications and might have regularly synchronized data. Examples of duplicate processing facilities can be large organizations that have multiple geographic locations.

Answer option A is incorrect. A cold site is a backup site in case disaster has taken place in a data center. This is the least expensive disaster recovery solution, usually having only a single room with no equipment. All equipment is brought to the site after the disaster. It can be on site or off site.

Question 5
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
A. Data diddling
B. Wiretapping
C. Eavesdropping
D. Spoofing

Answer: A
Explanation: Data diddling involves changing data prior to or during input to a computer in an effort to commit fraud. It also refers to the act of intentionally modifying information, programs, or documentation.

Answer option C is incorrect. Eavesdropping is the process of listening in on private conversations. It also includes attackers listening in on the network traffic. For example, it can be done over telephone lines (wiretapping), e-mail, instant messaging, and any other method of communication considered private.

Answer option D is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected.

Answer option B is incorrect. Wiretapping is an act of monitoring telephone and Internet conversations by a third party. It is only legal with prior consent. Legalized wiretapping is generally practiced by the police or any other recognized governmental authority.


Reference: "http://financial-dictionary.thefreedictionary.com/Data+diddling"

Question 6
Drag and drop the various evidences in the appropriate places.

Answer:

Explanation: The various categories of evidence required in forensics can be divided into a number of categories, depending on its reliability, quality, and completeness. These categories are as follows:
Best evidence: It is the original or primary evidence rather than a copy or duplicate of the evidence.
Secondary evidence: It is a copy of the evidence or an oral description of its contents. It is not as reliable as the best evidence.
Direct evidence: It proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses.
Conclusive evidence: It is incontrovertible evidence, which overrides all other evidence.
Opinions: The following are the two types of opinions:
1. Expert: It offers an opinion based on personal expertise and facts.
2. Non expert: It can testify only to facts.
Circumstantial evidence: It is the inference of information from other, intermediate, relevant facts.
Hearsay evidence: This evidence is commonly not admissible in court. It is third-party evidence. Computer-generated records and other business records fall under the category of hearsay evidence because these records cannot be proven accurate and reliable.

Reference: CISM Review Manual 2010, Contents: "Incident Management and Response"

Question 7
Which of the following penetration testing phases involves reconnaissance or data gathering?
A. Attack phase
B. Pre-attack phase
C. Post-attack phase
D. Out-attack phase

Answer: B
Explanation: The pre-attack phase is the first step for a penetration tester. The pre-attack phase involves reconnaissance or data gathering. It also includes gathering data from Whois, DNS, and network scanning, which help in mapping a target network and provide valuable information regarding the operating system and applications running on the systems. Penetration testing involves locating the IP block and using domain name Whois to find personnel contact information.

Answer option A is incorrect. The attack phase is the most important phase of penetration testing. Different exploitive and responsive hacking tools are used to monitor and test the security of systems and the network. Some of the actions performed in the attack phase are as follows:
Penetrating the perimeter
Escalating privileges
Executing, implanting, and retracting

Answer option C is incorrect. The post-attack phase involves restoring the system to normal pre-test configurations. It includes removing files, cleaning registry entries, and removing shares and connections. Analyzing all the results and presenting them in a comprehensive report is also part of this phase. These reports include objectives, observations, all activities undertaken, and the results of test activities, and may recommend fixes for vulnerabilities.

Question 8
Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives related to the above phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three.
A. Resource requirements identification
B. Criticality prioritization
C. Down-time estimation
D. Performing vulnerability assessment


Answer: A, B, C
Explanation: The main objectives of Business Impact Assessment (BIA) are as follows:
Criticality prioritization: All critical business unit processes must be identified and prioritized, and the impact of a disruptive event must be evaluated. Non-time-critical business processes will need a lower priority rating for recovery than time-critical business processes.
Down-time estimation: The Maximum Tolerable Downtime (MTD) is estimated with the help of the BIA; it is the downtime the business can tolerate and still remain a viable company, that is, the longest period of time a critical process can remain interrupted before the company can never recover. It is often found that this time period is much shorter than estimated before the BIA process. This means that the company can tolerate only a much briefer period of interruption than was previously thought.
Resource requirements identification: The identification of the required resources for the critical processes is also performed at this time, with the most time-sensitive processes receiving the most resource allocation.

Answer option D is incorrect. This is an invalid answer because performing vulnerability assessment is a step taken by the BIA to achieve the above-mentioned goals.

Question 9
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
A. Business continuity plan
B. Disaster recovery plan
C. Continuity of Operations Plan
D. Contingency plan

Answer: D
Explanation: A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and triggers for initiating planned actions.

Answer option B is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.

Answer option A is incorrect. A business continuity plan deals with the plans and procedures that identify and prioritize the critical business functions that must be preserved.

Answer option C is incorrect. A Continuity of Operations Plan includes the documented plans and procedures that ensure the continuity of critical operations during any period where normal operations are impossible.

Question 10
Which of the following protocols is used with a tunneling protocol to provide security?
A. FTP
B. IPX/SPX
C. IPSec
D. EAP

Answer: C
Explanation: Internet Protocol Security (IPSec) is used with Layer 2 Tunneling Protocol (L2TP). It is a standard-based protocol that provides the highest level of virtual private network (VPN) security. IPSec can encrypt virtually everything above the networking layer. It secures both data and password.

Question 11
Which of the following subphases are defined in the maintenance phase of the life cycle models?
A. Change control
B. Configuration control
C. Request control
D. Release control

Answer: A, C, D
Explanation: The subphases of the maintenance phase in the life cycle model are as follows:
Request control: This phase manages the users' requests for changes to the software product and gathers information that can be used for managing this activity.
Change control: This phase is the most important step in the maintenance phase. Various issues are addressed by the change control phase. Some of them are as follows:
1. Recreating and analyzing the problem
2. Developing the changes and corresponding tests
3. Performing quality control
Release control: It is associated with issuing the latest release of the software. The release control phase involves deciding which requests will be included in the new release, archiving of the release, configuration management, quality control, distribution, and acceptance testing.

Answer option B is incorrect. This is not a valid option.

Reference: CISM Review Manual 2010, Contents: "Information security process management"

Question 12
Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?
A. Non-repudiation
B. Confidentiality
C. Authentication
D. Integrity

Answer: A
Explanation: Non-repudiation is a mechanism which proves that the sender really sent a message. It provides evidence of the identity of the sender and message integrity. It also prevents a person from denying the submission or delivery of the message and the integrity of its contents.

Answer option C is incorrect. Authentication is a process of verifying the identity of a person or network host.

Answer option B is incorrect. Confidentiality ensures that no one can read a message except the intended receiver.

Answer option D is incorrect. Integrity assures the receiver that the received message has not been altered in any way from the original.

Reference: "http://en.wikipedia.org/wiki/Non-repudiation"

Question 13
Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.
A. It performs vulnerability/threat analysis assessment.
B. It identifies and generates IA requirements.
C. It provides data needed to accurately assess IA readiness.
D. It provides for entry and storage of individual system data.

Answer: A, B, C
Explanation: The characteristics of the DIAP Information Readiness Assessment function are as follows:
It provides data needed to accurately assess IA readiness.
It identifies and generates IA requirements.
It performs vulnerability/threat analysis assessment.

Answer option D is incorrect. It is a function performed by the ASSET system.

Reference: CISM Review Manual 2010, Contents: "Information Security Program Development"

Question 14
Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?
A. Code Security law
B. Trademark laws
C. Copyright laws
D. Patent laws

Answer: D
Explanation: Patent laws are used to protect against the duplication of software. Software patents cover the algorithms and techniques that are used in creating the software. They do not cover the entire program of the software. Patents give the author the right to make and sell his product. The term of the patent on a product is limited though, i.e., the author of the product has the right to use the patent for only a specific length of time.

Answer option C is incorrect. Copyright laws protect original works or creations of authorship including literary, dramatic, musical, artistic, and certain other intellectual works.

Question 15
Which of the following is the best method to stop vulnerability attacks on a Web server?
A. Using strong passwords
B. Configuring a firewall
C. Implementing the latest virus scanner
D. Installing service packs and updates

Answer: D
Explanation: A vulnerability attack takes advantage of the vulnerabilities in an operating system or software service by entering the operating system and disrupting its working. The best way to counter such attacks is to keep the operating system updated with the latest service packs and updates.

Answer option B is incorrect. Configuring a firewall is helpful against Denial-of-Service attacks.

Answer option A is incorrect. Using strong passwords is helpful in countering brute force attacks.

Answer option C is incorrect. Virus scanners are used to protect computers from viruses. They do not help protect computers from attacks.


Thank You for Trying Our Product. Visit Our Site to Purchase the Full Set of Actual ISSMP Exam Questions With Answers: http://www.TestWarrior.com/ISSMP-practice-exam.html

We Also Provide Practice Exam Software That Simulates the Real Exam Environment And Has Many Self-Assessment Features. Download a Free Product Demo From: http://www.TestWarrior.com/ISSMP-practice-exam.html
