Questions & Answers PDF
ISC2 ISSMP Braindumps CISSP Information Systems Security Management Professional
Questions & Answers (Demo Version – Limited Content)
Thank you for downloading the ISSMP exam PDF demo. You can also try our ISSMP practice exam software. Download the free demo: https://www.certsinside.com/ISSMP.html
https://www.certsinside.com
Question 1
Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?
A. Configuration management
B. Risk management
C. Procurement management
D. Change management
Answer: A
Explanation: Configuration management is the field of management that focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life. A configuration management system is a subsystem of the overall project management system. It is a collection of formal, documented procedures used to identify and document the functional and physical characteristics of a product, result, service, or component of the project. It also controls any changes to those characteristics, and records and reports each change and its implementation status. It includes the documentation, tracking systems, and defined approval levels necessary for authorizing and controlling changes. Audits are performed as part of configuration management to determine whether the requirements have been met.

Answer option C is incorrect. The procurement management plan defines how procurements (including contracted team members, if needed) will be planned and executed, and how the organization and the vendor will fulfil the terms of the contract.
Answer option B is incorrect. Risk management is used to identify, assess, and control risks. It includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.
Answer option D is incorrect. Change management ensures that standardized methods and procedures are used for efficient handling of all changes; configuration management is the broader discipline that records the resulting state of the system.
Question 2
Which of the following are ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.
A. TLS
B. PGP
C. S/MIME
D. IPSec
Answer: B, C
Explanation: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME) are the two standard ways of sending end-to-end secure e-mail messages over the Internet. Both use public key cryptography: each user holds a key pair, a public key that others use to encrypt messages to that user and a private key used to decrypt them. In practice the public key encrypts only a random per-message symmetric key, and the message body is encrypted with that symmetric key (hybrid encryption); the sender's private key is likewise used to sign messages. The two differ mainly in trust model: PGP keys are exchanged directly or through a web of trust, whereas S/MIME relies on X.509 certificates issued by a certificate authority. PGP grew out of a freely distributed program and is common among individual users; S/MIME is more common in enterprise deployments where a certificate infrastructure already exists.

Answer option A is incorrect. Transport Layer Security (TLS) sits between the transport and application layers; it uses public key operations to establish a session key and symmetric encryption for the data. SMTP over TLS (STARTTLS) protects mail only hop by hop between mail servers: the message is in cleartext on each server and in the mailbox, so it is not end-to-end secure e-mail.
Answer option D is incorrect. Internet Protocol Security (IPSec) is a standards-based protocol suite that protects IP packets at the network layer, so for the protected traffic it encrypts everything carried above that layer, including any credentials sent inside the tunnel. It is used for VPN connections, typically paired with L2TP (L2TP/IPSec); Point-to-Point Tunneling Protocol (PPTP) uses its own MPPE encryption instead. IPSec secures a path between two hosts or gateways, not a message to a particular recipient.
Reference: TechNet, Contents: "Ask Us About... Security, October 2000"
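The public-key step described above does not encrypt the message body directly: PGP and S/MIME both encrypt the body under a fresh symmetric key and encrypt only that key to the recipient's public key. The following Go program is an added example written for this page, not code from any PGP or S/MIME implementation. It shows that hybrid construction with RSA-OAEP for the key wrap and AES-256-GCM for the body, using only the Go standard library; the Envelope type, the function names and the Alice/Bob/Mallory scenario are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is the shape of a hybrid-encrypted message as PGP and S/MIME build
// it: the body is encrypted under a fresh random symmetric key, and only that
// key is encrypted with the recipient's public key (field names are ours).
type Envelope struct {
	WrappedKey []byte // AES-256 content key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // AES-GCM ciphertext with its authentication tag appended
}

// NewRecipientKey generates the recipient's key pair. In PGP this is the
// user's key ring entry, in S/MIME the key behind an X.509 certificate.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt produces an Envelope that only the holder of the private key
// matching pub can open.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	// Fresh content-encryption key per message; RSA never touches the body.
	cek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, cek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	// OAEP (not PKCS#1 v1.5) for the key wrap, with SHA-256 as the OAEP hash.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt unwraps the content key with priv, then authenticates and decrypts
// the body. Both the wrong key and a modified body are rejected.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("key unwrap failed: wrong private key or damaged envelope")
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("body authentication failed: ciphertext was modified")
	}
	return pt, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed scenario: Alice encrypts to Bob; Mallory has her own key.
	bob, _ := NewRecipientKey()
	mallory, _ := NewRecipientKey()
	env, err := Encrypt(&bob.PublicKey, []byte("Quarterly numbers attached."))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(bob, env)
	fmt.Printf("bob reads: %q (err=%v)\n", pt, err)
	_, err = Decrypt(mallory, env)
	fmt.Println("mallory:", err)
}
```

Run it with `go run`. The part worth noticing is that Mallory's failure happens at the key-unwrap step, before any of the body is touched, and that flipping one byte of the body fails the GCM tag check rather than yielding garbled plaintext; real PGP and S/MIME add signing and key/certificate validation on top of this core.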
Question 3
You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and that you were not able to access your remote desktop session. You suspected that some malicious attack had been performed on the company network. You immediately called the incident response team to handle the situation, who asked the Network Administrator to provide all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he had been reviewing the security of the network, which caused all these problems. The incident response team announced that this was a controlled event, not an incident. Which of the following steps of an incident handling process was performed by the incident response team?
A. Containment
B. Eradication
C. Preparation
D. Identification
Answer: D
Explanation: According to the question, the incident response team announced that this was a controlled event, not an incident. Making that determination is the identification step. Identification is the first post-event step in the incident handling process: in this phase the incident handler determines whether an incident exists or not. An incident is an event on a system or network that poses a threat to the environment; a planned security review by the network administrator, however disruptive, is an authorized event rather than an incident. Identification becomes more difficult as the complexity of the attack increases, so the incident handler should gather all the facts, here by asking the network administrator what was being done, and make decisions on the basis of those facts. The incident handler needs to identify the characteristics of an attack before it can be properly processed. Even when an event is declared benign it should still be logged, and the fact that unannounced testing disrupted production applications and remote desktop access is a process gap worth raising, since testing windows should be agreed with the incident response team in advance.
Question 4
Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?
A. Cold site arrangement
B. Business impact analysis
C. Duplicate processing facilities
D. Reciprocal agreements
Answer: D
Explanation: Reciprocal agreements are arrangements between two or more organizations with similar equipment and applications. Under such an agreement, the organizations provide computer time to each other in the event of an emergency. These agreements are commonly made between organizations that have unique hardware or software that cannot be maintained at a hot or warm site. They are inexpensive but hard to rely on: the partner may lack spare capacity when the need arises, may be affected by the same regional disaster, and must host the other organization's data under its own security and privacy obligations, so the agreement should be tested and reviewed like any other recovery option.

Answer option B is incorrect. A business impact analysis (BIA) is a crisis management technique that identifies the threats that can affect the continuity of business operations. Such threats can be either natural or man-made. The BIA team should have a clear understanding of the organization, its key business processes, and its IT resources in order to assess the risks associated with continuity. The BIA team should include senior management, IT personnel, and end users so that all resources used during normal operations are identified.
Answer option C is incorrect. Duplicate processing facilities work in the same manner as hot site facilities, except that they are completely dedicated, self-developed recovery facilities. A duplicate facility holds the same equipment, operating systems, and applications and may have regularly synchronized data. Large organizations with multiple geographic locations are typical examples.
Answer option A is incorrect. A cold site is a backup site used when a disaster has taken place in a data center. It is the least expensive disaster recovery solution, usually consisting of a single room with no equipment; all equipment is brought to the site after the disaster. It can be on site or off site.
Question 5
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
A. Data diddling
B. Wiretapping
C. Eavesdropping
D. Spoofing
Answer: A
Explanation: Data diddling involves changing data prior to or during input to a computer in an effort to commit fraud. It also refers to the act of intentionally modifying information, programs, or documentation. Because the altered data is then processed as if it were genuine, the usual controls are input validation, separation of duties between the people who prepare data and those who enter it, and audit trails that record who changed what before processing.

Answer option C is incorrect. Eavesdropping is the act of listening in on private conversations, including attackers listening in on network traffic. It can be done over telephone lines (wiretapping), e-mail, instant messaging, and any other method of communication considered private.
Answer option D is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, e-mail address, caller ID, and so on. In IP spoofing, an attacker modifies packet headers to use someone else's IP address and hide his own identity. IP spoofing is of little use for interactive sessions such as web browsing or on-line chat, because replies go to the forged address rather than to the attacker; it is mostly used in one-way attacks such as reflection and amplification denial of service.
Answer option B is incorrect. Wiretapping is the monitoring of telephone and Internet conversations by a third party. It is generally lawful only with the consent of a party or under a warrant or similar authorization, and lawful wiretapping is usually carried out by the police or another recognized governmental authority.
Reference: "http://financial-dictionary.thefreedictionary.com/Data+diddling"
Question 6
Drag and drop the various types of evidence into the appropriate places.

Answer: (drag-and-drop diagram not reproduced)
Explanation: The evidence used in forensics can be divided into a number of categories depending on its reliability, quality, and completeness. These categories are as follows:
Best evidence: The original or primary evidence rather than a copy or duplicate.
Secondary evidence: A copy of the evidence or an oral description of its contents. It is not as reliable as the best evidence.
Direct evidence: Proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses.
Conclusive evidence: Incontrovertible evidence, which overrides all other evidence.
Opinions: There are two types of opinion:
1. Expert: Offers an opinion based on personal expertise and facts.
2. Non-expert: Can testify only to facts.
Circumstantial evidence: The inference of information from other, intermediate, relevant facts.
Hearsay evidence: Second-hand evidence, that is, a statement made outside the court and offered to prove its truth. It is commonly not admissible. Computer-generated records and other business records are hearsay in principle, but they are usually admitted under the business-records exception when they were produced in the ordinary course of business and their accuracy and reliability can be demonstrated. This is why a forensic examiner documents how logs and disk images were collected, hashes them, and maintains a chain of custody.
Reference: CISM Review Manual 2010, Contents: "Incident Management and Response"
Question 7
Which of the following penetration testing phases involves reconnaissance or data gathering?
A. Attack phase
B. Pre-attack phase
C. Post-attack phase
D. Out-attack phase
Answer: B
Explanation: The pre-attack phase is the first step for a penetration tester. It involves reconnaissance, or data gathering: collecting data from Whois, DNS, and network scanning, which helps in mapping the target network and provides valuable information about the operating systems and applications running on the systems. This includes locating the target's IP blocks and using domain name Whois records to find personnel contact information. Whois and DNS lookups are passive with respect to the target, whereas network scanning touches the target's systems, so all of it must stay within the scope and rules of engagement agreed before the test.

Answer option A is incorrect. The attack phase is the most important phase of penetration testing. Various exploitation and monitoring tools are used to test the security of the systems and the network. Some of the actions performed in the attack phase are:
Penetrating the perimeter
Escalating privileges
Executing, implanting, and retracting
Answer option C is incorrect. The post-attack phase involves restoring the systems to their normal pre-test configuration. It includes removing files, cleaning registry entries, and removing shares and connections. Analyzing all the results and presenting them in a comprehensive report is also part of this phase. These reports include the objectives, observations, all activities undertaken, and the results of the test activities, and may recommend fixes for the vulnerabilities found.
Answer option D is incorrect. There is no "out-attack" phase.
Question 8
Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase, creating a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives of the phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three.
A. Resource requirements identification
B. Criticality prioritization
C. Down-time estimation
D. Performing vulnerability assessment
Answer: A, B, C
Explanation: The main objectives of a business impact analysis (BIA) are as follows:
Criticality prioritization: All critical business unit processes must be identified and prioritized, and the impact of a disruptive event on each must be evaluated. Business processes that are not time-critical receive a lower priority rating for recovery than time-critical ones.
Down-time estimation: The BIA estimates the maximum tolerable downtime (MTD), the longest period of time a critical process can remain interrupted before the organization can no longer recover and remain viable. It is often found that this period is much shorter than the business assumed before the BIA, meaning the organization can tolerate only a much briefer interruption than previously thought. The recovery time objective for each process is then set below its MTD.
Resource requirements identification: The resources required by the critical processes are identified at the same time, with the most time-sensitive processes receiving the largest resource allocation.

Answer option D is incorrect. Performing a vulnerability assessment is an input that the BIA uses to reach the objectives above, not one of its objectives.
Question 9
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
A. Business continuity plan
B. Disaster recovery plan
C. Continuity of Operations Plan
D. Contingency plan
Answer: D
Explanation: A contingency plan is devised for a specific situation in which things could go wrong. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and triggers for initiating the planned actions.

Answer option B is incorrect. Disaster recovery comprises the process, policies, and procedures for recovering or continuing the technology infrastructure critical to an organization after a natural or human-induced disaster.
Answer option A is incorrect. A business continuity plan covers the plans and procedures that identify and prioritize the critical business functions that must be preserved.
Answer option C is incorrect. A continuity of operations plan documents the plans and procedures that ensure the continuity of critical operations during any period in which normal operations are impossible.
Question 10
Which of the following protocols is used with a tunneling protocol to provide security?
A. FTP
B. IPX/SPX
C. IPSec
D. EAP

Answer: C
Explanation: Internet Protocol Security (IPSec) is used with the Layer 2 Tunneling Protocol (L2TP). L2TP by itself only encapsulates PPP frames and provides no confidentiality or integrity. IPSec, a standards-based protocol suite, supplies peer authentication, integrity, and encryption for the tunneled packets at the network layer, so everything carried inside the tunnel, including the PPP authentication exchange (user name and password or CHAP response), is protected. The remaining options do not provide this: FTP is a file transfer protocol, IPX/SPX is a legacy network protocol stack, and EAP is an authentication framework rather than a protocol that secures a tunnel.
Question 11
Which of the following subphases are defined in the maintenance phase of the life cycle models?
A. Change control
B. Configuration control
C. Request control
D. Release control
Answer: A, C, D
Explanation: The subphases of the maintenance phase in the life cycle model are as follows:
Request control: This phase manages users' requests for changes to the software product and gathers the information needed to manage this activity.
Change control: This phase is the most important step in the maintenance phase. It addresses a number of issues, including:
1. Recreating and analyzing the problem
2. Developing the changes and the corresponding tests
3. Performing quality control
Release control: This phase is associated with issuing the latest release of the software. It involves deciding which requests will be included in the new release, archiving the release, configuration management, quality control, distribution, and acceptance testing.

Answer option B is incorrect. Configuration control is an activity of configuration management, which spans the whole life cycle; it is not one of the three maintenance subphases in this model.
Reference: CISM Review Manual 2010, Contents: "Information security process management"
Question 12
Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?
A. Non-repudiation
B. Confidentiality
C. Authentication
D. Integrity
Answer: A
Explanation: Non-repudiation is a mechanism that proves the sender really sent a particular message. It provides evidence of the identity of the sender and of message integrity, and it prevents a person from denying the submission or delivery of the message or the integrity of its contents. It is implemented with digital signatures: the sender signs with a private key that only the sender holds, and the receiver, or later a third party, verifies the signature with the sender's public key. A message authentication code (MAC) computed under a shared key gives authentication and integrity but not non-repudiation, because the receiver holds the same key and could have produced the tag itself.

Answer option C is incorrect. Authentication is the process of verifying the identity of a person or network host.
Answer option B is incorrect. Confidentiality ensures that no one can read a message except the intended receiver.
Answer option D is incorrect. Integrity assures the receiver that the received message has not been altered in any way from the original.
Reference: "http://en.wikipedia.org/wiki/Non-repudiation"
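To make the distinction concrete, the following Go program, an added example that is not from the original page or the referenced article, signs a message with Ed25519 and verifies it with the public key, then shows that an HMAC tag under a shared key can be reproduced by the receiver and so could never prove to a third party who sent the message. The function names and the messages are constructed for this example; it uses only the Go standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedMessage carries a message and a signature over it. Only the holder of
// the signing private key can produce Sig; anyone holding the public key can
// check it, which is what lets a third party settle a later dispute.
type SignedMessage struct {
	Msg []byte
	Sig []byte
}

// NewSigner creates the sender's key pair (Ed25519 from the standard library).
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign binds msg to the sender; the private key never leaves the sender.
func Sign(priv ed25519.PrivateKey, msg []byte) SignedMessage {
	return SignedMessage{Msg: msg, Sig: ed25519.Sign(priv, msg)}
}

// Verify is what the receiver, or later an arbiter, runs. It returns true
// only if Sig was made over exactly Msg by the key matching pub, so it
// establishes both origin and integrity.
func Verify(pub ed25519.PublicKey, sm SignedMessage) bool {
	return ed25519.Verify(pub, sm.Msg, sm.Sig)
}

// MAC is the contrast case: HMAC-SHA256 under a key both parties share.
func MAC(sharedKey, msg []byte) []byte {
	h := hmac.New(sha256.New, sharedKey)
	h.Write(msg)
	return h.Sum(nil)
}

// ReceiverCanReproduceTag shows why a MAC gives authentication and integrity
// but not non-repudiation: the receiver holds the same key, so it can compute
// a tag identical to the sender's, and an arbiter cannot tell who made it.
func ReceiverCanReproduceTag(sharedKey, msg, senderTag []byte) bool {
	return hmac.Equal(MAC(sharedKey, msg), senderTag)
}

func main() {
	pub, priv, err := NewSigner()
	if err != nil {
		panic(err)
	}
	order := []byte("transfer 100 to account 42") // constructed message
	sm := Sign(priv, order)
	fmt.Println("signature verifies:", Verify(pub, sm))
	sm.Msg = []byte("transfer 1000 to account 42") // receiver alters the amount
	fmt.Println("altered message verifies:", Verify(pub, sm))

	key := []byte("constructed shared secret")
	tag := MAC(key, order)
	fmt.Println("receiver can forge sender's MAC:", ReceiverCanReproduceTag(key, order, tag))
}
```

Run it with `go run`. The signature check fails as soon as a single byte of the message changes, whereas the MAC check succeeds for whichever party computed the tag, which is exactly why a MAC cannot settle a dispute between sender and receiver. In a deployed system the public key must itself be bound to the sender's identity (a certificate or a trusted key directory), or the proof only shows that some key signed the message.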
Question 13
Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.
A. It performs vulnerability/threat analysis assessment.
B. It identifies and generates IA requirements.
C. It provides data needed to accurately assess IA readiness.
D. It provides for entry and storage of individual system data.
Answer: A, B, C
Explanation: The characteristics of the DIAP Information Readiness Assessment function are as follows: it provides the data needed to accurately assess IA readiness, it identifies and generates IA requirements, and it performs vulnerability/threat analysis assessment.
Answer option D is incorrect. Entry and storage of individual system data is a function performed by the ASSET system.
Reference: CISM Review Manual 2010, Contents: "Information Security Program Development"
Question 14
Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the programming techniques that he uses in developing an application. Which of the following laws are used to protect this part of software?
A. Code Security law
B. Trademark laws
C. Copyright laws
D. Patent laws
Answer: D
Explanation: Patent laws protect an invention against duplication, and in software this can cover the algorithms and techniques used in creating the program rather than the program as a whole. A patent gives the inventor the exclusive right to make, use, and sell the invention, or to license others to do so, for a limited term, after which it passes into the public domain. Whether a given algorithm is patentable varies by jurisdiction.

Answer option C is incorrect. Copyright laws protect original works of authorship, including literary, dramatic, musical, artistic, and certain other intellectual works. Source and object code are protected as literary works, but copyright covers the expression of the program, not the underlying ideas, algorithms, or techniques, which is what Joseph wants to protect.
Answer option B is incorrect. Trademark laws protect names, logos, and other marks that identify the origin of a product, not its internals.
Answer option A is incorrect. There is no "Code Security law".
Question 15
Which of the following is the best method to stop vulnerability attacks on a Web server?
A. Using strong passwords
B. Configuring a firewall
C. Implementing the latest virus scanner
D. Installing service packs and updates
Answer: D
Explanation: A vulnerability attack exploits a flaw in the operating system or in a software service, here the web server and the application stack behind it, to run code on the system or disrupt its operation. The best way to counter such attacks is to keep the operating system and the web server software updated with the latest service packs, updates, and security patches, because these remove the flaw being exploited.

Answer option B is incorrect. A firewall restricts which ports and hosts can reach the server and helps against some denial-of-service traffic, but the web server's own ports must remain open, so a firewall cannot block an exploit delivered over HTTP to a vulnerable service.
Answer option A is incorrect. Strong passwords counter brute force attacks on accounts, not exploitation of software flaws.
Answer option C is incorrect. Virus scanners detect known malicious files; they do not remove the vulnerability and will not stop an exploit that does not drop a recognized file.
Thank you for trying the ISSMP PDF demo.
To try our ISSMP practice exam software, visit the link below: https://www.certsinside.com/ISSMP.html
Start your ISSMP preparation. Use coupon "20OFF" for an extra 20% discount on the purchase of the Practice Test Software. Test your ISSMP preparation with actual exam questions.