Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

CISSP-ISSMPFree trial

By isc

Verified

25Q per page

Question 1

Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

A: Configuration management
B: Risk management
C: Procurement management
D: Change management

—

Question 2

Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

A: Non-repudiation
B: Confidentiality
C: Authentication
D: Integrity

—

Question 3

Which of the following are examples of physical controls used to prevent unauthorized access to sensitive materials?

A: Thermal alarm systems
B: Closed circuit cameras
C: Encryption
D: Security Guards

—

Question 4

Which of the following security issues does the Bell-La Padula model focus on?

A: Authentication
B: Confidentiality
C: Integrity
D: Authorization

—

Question 5

Which of the following are the examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.

A: Security awareness training
B: Security policy
C: Data Backup
D: Auditing

—

Question 6

Which of the following laws enacted in United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?

A: Child Pornography Prevention Act (CPPA)
B: USA PATRIOT Act
C: Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)
D: Sexual Predators Act

—

Question 7

You work as a Web Administrator for Perfect World Inc. The company is planning to host an E-commerce Web site. You are required to design a security plan for it. Client computers with different operating systems will access the Web server. How will you configure the Web server so that it is secure and only authenticated users are able to access it? Each correct answer represents a part of the solution. Choose two.

A: Use encrypted authentication.
B: Use the SSL protocol.
C: Use the EAP protocol.
D: Use Basic authentication.

—

Question 8

Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

A: It performs vulnerability/threat analysis assessment.
B: It identifies and generates IA requirements.
C: It provides data needed to accurately assess IA readiness.
D: It provides for entry and storage of individual system data.

—

Question 9

Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

A: Quantitative analysis
B: Contingency reserve
C: Risk response
D: Risk response plan

—

Question 10

Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?

A: Code Security law
B: Trademark laws
C: Copyright laws
D: Patent laws

—

Question 11

Which of the following is the best method to stop vulnerability attacks on a Web server?

A: Using strong passwords
B: Configuring a firewall
C: Implementing the latest virus scanner
D: Installing service packs and updates

—

Question 12

Which of the following rate systems of the Orange book has no security controls?

A: D-rated
B: C-rated
C: E-rated
D: A-rated

—

Question 13

What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?

A: ZOPA
B: PON
C: Bias
D: BATNA

—

Question 14

Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

A: Managed level
B: Defined level
C: Fundamental level
D: Repeatable level

—

Question 15

Which of the following statements is related with the second law of OPSEC?

A: If you are not protecting it (the critical and sensitive information), the adversary wins!
B: If you don't know what to protect, how do you know you are protecting it?
C: If you don't know about your security resources you could not protect your network.
D: If you don't know the threat, how do you know what to protect?

—

That’s the end of your free questions

You’ve reached the preview limit for CISSP-ISSMP

Consider upgrading to gain full access!

Page 1 of 3 • Questions 1-25 of 73

1 2 3

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!