ISC issmp practice test

Information Systems Security Management Professional

Last exam update: Nov 27 ,2025
Page 1 out of 15. Viewing questions 1-15 out of 218

Question 1

Which of the following fields of management focuses on establishing and maintaining consistency of
a system's or product's performance and its functional and physical attributes with its requirements,
design, and operational information throughout its life?

  • A. Configuration management
  • B. Risk management
  • C. Procurement management
  • D. Change management
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which of the following are the ways of sending secure e-mail messages over the Internet? Each
correct answer represents a complete solution. Choose two.

  • A. TLS
  • B. PGP
  • C. S/MIME
  • D. IPSec
Mark Question:
Answer:

B, C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

You work as a Senior Marketing Manger for Umbrella Inc. You find out that some of the software
applications on the systems were malfunctioning and also you were not able to access your remote
desktop session. You suspected that some malicious attack was performed on the network of the
company. You immediately called the incident response team to handle the situation who enquired
the Network Administrator to acquire all relevant information regarding the malfunctioning. The
Network Administrator informed the incident response team that he was reviewing the security of
the network which caused all these problems. Incident response team announced that this was a
controlled event not an incident. Which of the following steps of an incident handling process was
performed by the incident response team?

  • A. Containment
  • B. Eradication
  • C. Preparation
  • D. Identification
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which of the following is the process performed between organizations that have unique hardware
or software that cannot be maintained at a hot or warm site?

  • A. Cold sites arrangement
  • B. Business impact analysis
  • C. Duplicate processing facilities
  • D. Reciprocal agreements
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which of the following involves changing data prior to or during input to a computer in an effort to
commit fraud?

  • A. Data diddling
  • B. Wiretapping
  • C. Eavesdropping
  • D. Spoofing
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Which of the following penetration testing phases involves reconnaissance or data gathering?

  • A. Attack phase
  • B. Pre-attack phase
  • C. Post-attack phase
  • D. Out-attack phase
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a
document to be used to help understand what impact a disruptive event would have on the
business. The impact might be financial or operational. Which of the following are the objectives
related to the above phase in which Mark is involved? Each correct answer represents a part of the
solution. Choose three.

  • A. Resource requirements identification
  • B. Criticality prioritization
  • C. Down-time estimation
  • D. Performing vulnerability assessment
Mark Question:
Answer:

A, B, C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which of the following recovery plans includes specific strategies and actions to deal with specific
variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

  • A. Business continuity plan
  • B. Disaster recovery plan
  • C. Continuity of Operations Plan
  • D. Contingency plan
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which of the following protocols is used with a tunneling protocol to provide security?

  • A. FTP
  • B. IPX/SPX
  • C. IPSec
  • D. EAP
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which of the following subphases are defined in the maintenance phase of the life cycle models?

  • A. Change control
  • B. Configuration control
  • C. Request control
  • D. Release control
Mark Question:
Answer:

A, C, D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which of the following terms refers to a mechanism which proves that the sender really sent a
particular message?

  • A. Non-repudiation
  • B. Confidentiality
  • C. Authentication
  • D. Integrity
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which of the following characteristics are described by the DIAP Information Readiness Assessment
function? Each correct answer represents a complete solution. Choose all that apply.

  • A. It performs vulnerability/threat analysis assessment.
  • B. It identifies and generates IA requirements.
  • C. It provides data needed to accurately assess IA readiness.
  • D. It provides for entry and storage of individual system data.
Mark Question:
Answer:

A, B, C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the
techniques of programming that he uses in developing an application. Which of the following laws
are used to protect a part of software?

  • A. Code Security law
  • B. Trademark laws
  • C. Copyright laws
  • D. Patent laws
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Which of the following is the best method to stop vulnerability attacks on a Web server?

  • A. Using strong passwords
  • B. Configuring a firewall
  • C. Implementing the latest virus scanner
  • D. Installing service packs and updates
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Which of the following is NOT a valid maturity level of the Software Capability Maturity Model
(CMM)?

  • A. Managed level
  • B. Defined level
  • C. Fundamental level
  • D. Repeatable level
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2