Policies are considered the first and highest level of documentation, from which the lower-level elements of standards, procedures, and guidelines flow. Drag and drop each policy statement according to its hierarchy level (i.e. from top to bottom).
Which of the following rate systems of the Orange Book has no security controls?
A. D-rated
B. C-rated
C. E-rated
D. A-rated
Which of the following is a variant with regard to Configuration Management?
A. A CI that has the same name as another CI but shares no relationship.
B. A CI that particularly refers to a hardware specification.
C. A CI that has the same essential functionality as another CI but is a bit different in some small manner.
D. A CI that particularly refers to a software version.
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?
A. Availability
B. Confidentiality
C. Integrity
D. Authenticity
Which of the following processes is used by remote users to make a secure connection to internal resources after establishing an Internet connection?
A. Packet filtering
B. Tunneling
C. Packet sniffing
D. Spoofing
Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.
A. Vulnerability Assessment and Penetration Testing
B. Security Certification and Accreditation (C&A)
C. Change and Configuration Control
D. Risk Adjustments
Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?
A. Malicious Communications Act (1998)
B. Anti-Cyber-Stalking law (1999)
C. Stalking Amendment Act (1999)
D. Stalking by Electronic Communications Act (2001)
James works as a security manager for SoftTech Inc. He has been working on the continuous process improvement and on the ordinal scale for measuring the maturity of the organization involved in the software processes. According to James, which of the following maturity levels of software CMM focuses on the continuous process improvement?
A. Repeatable level
B. Defined level
C. Initiating level
D. Optimizing level
Which of the following processes will you involve to perform the active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures?
A. Penetration testing
B. Risk analysis
C. Baselining
D. Compliance checking
Which of the following security models deal only with integrity? Each correct answer represents a complete solution. Choose two.
A. Biba-Wilson
B. Clark-Wilson
C. Bell-LaPadula
D. Biba