
ISSMP ISC ISSMP®: Information Systems Security Management Professional Free Practice Exam Questions (2025 Updated)

Prepare effectively for your ISC ISSMP ISSMP®: Information Systems Security Management Professional certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 1 / 4
Total 218 questions

Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

A. Disaster Recovery Plan
B. Contingency Plan
C. Continuity Of Operations Plan
D. Business Continuity Plan

Which of the following statements is related to the second law of OPSEC?

A. If you are not protecting it (the critical and sensitive information), the adversary wins!
B. If you don't know what to protect, how do you know you are protecting it?
C. If you don't know about your security resources you could not protect your network.
D. If you don't know the threat, how do you know what to protect?

Which of the following statements is true about auditing?

A. It is used to protect the network against virus attacks.
B. It is used to track user accounts for file and object access, logon attempts, etc.
C. It is used to secure the network or the computers on the network.
D. It is used to prevent unauthorized access to network resources.

Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

A. Administrative
B. Automatic
C. Physical
D. Technical

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

A. Configuration Verification and Auditing
B. Configuration Item Costing
C. Configuration Identification
D. Configuration Status Accounting

The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes. Which of the following are Change Management terminologies? Each correct answer represents a part of the solution. Choose three.

A. Request for Change
B. Service Request Management
C. Change
D. Forward Schedule of Changes

Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. Who decides the category of a change?

A. The Problem Manager
B. The Process Manager
C. The Change Manager
D. The Service Desk
E. The Change Advisory Board

Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?

A. Mobile site
B. Warm site
C. Cold site
D. Hot site

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

A. Earned value management
B. Risk audit
C. Technical performance measurement
D. Corrective action

Which of the following statutes, enacted in the U.S., prohibits creditors from collecting data from applicants, such as national origin, caste, religion, etc.?

A. The Fair Credit Reporting Act (FCRA)
B. The Privacy Act
C. The Electronic Communications Privacy Act
D. The Equal Credit Opportunity Act (ECOA)

You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had a problem with laptops being stolen. What is the most cost-effective method to prevent this?

A. Video surveillance on all areas with computers.
B. Use laptop locks.
C. Appoint a security guard.
D. Smart card access to all areas with computers.

Fill in the blank with an appropriate phrase. ______________ is used to provide security mechanisms for the storage, processing, and transfer of data.

A. Data classification

Which of the following plans provides procedures for recovering business operations immediately following a disaster?

A. Disaster recovery plan
B. Business continuity plan
C. Continuity of operation plan
D. Business recovery plan

Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due?

A. Expected breach
B. Actual breach
C. Anticipatory breach
D. Nonperforming breach

Which of the following are the examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.

A. Security awareness training
B. Security policy
C. Data Backup
D. Auditing

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

A. Risk mitigation
B. Risk transfer
C. Risk acceptance
D. Risk avoidance

Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following?

1. To account for all IT assets
2. To provide precise information support to other ITIL disciplines
3. To provide a solid base only for Incident and Problem Management
4. To verify configuration records and correct any exceptions

A. 1, 3, and 4 only
B. 2 and 4 only
C. 1, 2, and 4 only
D. 2, 3, and 4 only

You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer?

A. Cost plus incentive fee
B. Fixed fee
C. Cost plus percentage of costs
D. Time and materials

You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making?

A. Preparation
B. Eradication
C. Identification
D. Containment

In which of the following contract types is the seller reimbursed for all allowable costs for performing the contract work and paid a fixed fee that is calculated as a percentage of the initial estimated project costs?

A. Firm Fixed Price Contracts
B. Cost Plus Fixed Fee Contracts
C. Fixed Price Incentive Fee Contracts
D. Cost Plus Incentive Fee Contracts

Copyright © 2014-2025 Solution2Pass. All Rights Reserved