Which of the following are the responsibilities of the owner with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.
A. Determining what level of classification the information requires.
B. Delegating the responsibility of the data protection duties to a custodian.
C. Reviewing the classification assignments at regular time intervals and making changes as the business needs change.
D. Running regular backups and routinely testing the validity of the backup data.
Which of the following signatures watches for connection attempts to well-known, frequently attacked ports?
A. Port signatures
B. Digital signatures
C. Header condition signatures
D. String signatures
Which of the following is a documentation of guidelines that computer forensics experts use to handle evidence?
A. Evidence access policy
B. Incident response policy
C. Chain of custody
D. Chain of evidence
Which of the following is a variant with regard to Configuration Management?
A. A CI that has the same name as another CI but shares no relationship.
B. A CI that particularly refers to a hardware specification.
C. A CI that has the same essential functionality as another CI but differs in some small manner.
D. A CI that particularly refers to a software version.
You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had a problem with laptops being stolen. What is the most cost-effective method to prevent this?
A. Video surveillance on all areas with computers.
B. Use laptop locks.
C. Appoint a security guard.
D. Smart card access to all areas with computers.
Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?
A. Business continuity plan
B. Crisis communication plan
C. Contingency plan
D. Disaster recovery plan
Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.
A. Confidentiality
B. Integrity
C. Availability
D. Privacy
Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.
A. Data downloading from the Internet
B. File and object access
C. Network logons and logoffs
D. Printer access
You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?
A. Mitigation
B. Sharing
C. Acceptance
D. Transference
Which of the following statutes, enacted in the U.S., prohibits creditors from collecting data from applicants, such as national origin, caste, religion, etc.?
A. The Fair Credit Reporting Act (FCRA)
B. The Privacy Act
C. The Electronic Communications Privacy Act
D. The Equal Credit Opportunity Act (ECOA)