Andy works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. Choose and reorder the required steps that he will take to accomplish the BIA phase.
Select and Place:

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."
A. Risk register
B. Risk management plan
C. Quality management plan
D. Project charter
John works as a security manager for Soft Tech Inc. He is working with his team on the disaster recovery management plan. One of his team members has a question about the most cost-effective DRP testing plan. Which of the following disaster recovery testing plans is the most cost-effective and efficient way to identify areas of overlap in the plan before conducting more demanding training exercises?
A. Full-scale exercise
B. Walk-through drill
C. Evacuation drill
D. Structured walk-through test
Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.
A. If you don't know the threat, how do you know what to protect?
B. If you don't know what to protect, how do you know you are protecting it?
C. If you are not protecting it (the critical and sensitive information), the adversary wins!
D. If you don't know about your security resources, you cannot protect your network.
An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?
A. Network security policy
B. Backup policy
C. Privacy policy
D. User password policy
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
A. Data diddling
B. Wiretapping
C. Eavesdropping
D. Spoofing
Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?
A. Non-repudiation
B. Confidentiality
C. Authentication
D. Integrity
Which of the following policies helps reduce the potential damage from the actions of one person?
A. CSA
B. Risk assessment
C. Separation of duties
D. Internal audit
Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?
A. SLA
B. NDA
C. Non-price competition
D. CNC
Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?
A. 18 U.S.C. 1362
B. 18 U.S.C. 1030
C. 18 U.S.C. 1029
D. 18 U.S.C. 2701
E. 18 U.S.C. 2510