Is the CISSP-ISSMP practice exam free?

Yes. ExamCademy offers all 216 CISSP-ISSMP practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the CISSP-ISSMP practice questions?

All CISSP-ISSMP questions are community-created and reviewed by moderators to align with ISC's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the CISSP-ISSMP exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official ISC documentation and hands-on experience for best results.

CISSP-ISSMP Practice Exam — Free 216+ Questions

216Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

Leadership and Organizational Management

Question 2

Security Operations

Question 3

Security Operations

Question 4

Security Operations

Question 5

Systems Lifecycle Management

Question 7

Contingency Management

Question 8

Systems Lifecycle Management

Question 9

Security Operations

Question 10

Security Operations

Question 11

Security Operations

Question 12

Security Operations

Question 13

Security Operations

Question 14

Security Operations

Question 15

Law, Ethics, and Security Compliance Management

Question 16

Security Operations

Question 17

Risk Management

Question 18

Security Operations

Question 19

Systems Lifecycle Management

Question 20

Security Operations

Question 21

Risk Management

Question 22

Risk Management

Question 23

Law, Ethics, and Security Compliance Management

Question 24

Systems Lifecycle Management

Question 25

Systems Lifecycle Management

Question 26

Risk Management

Page 1 of 9 • Questions 1-25 of 216

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demon, and even some samples. What type of a document should Ned send to the vendor?

A IFB
B RFQ
C RFP
D RFI

SIMULATION -
Fill in the blank with an appropriate phrase.________ An is an intensive application of the OPSEC process to an existing operation or activity by a multidiscipline team of experts.

Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution.
Choose three.

A It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
B It determines the actions and behaviors of a single individual within a system
C It ensures that modifications are not made to data by unauthorized personnel or processes.
D It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.

You work as a Web Administrator for Perfect World Inc. The company is planning to host an E-commerce Web site. You are required to design a security plan for it. Client computers with different operating systems will access the Web server. How will you configure the Web server so that it is secure and only authenticated users are able to access it? Each correct answer represents a part of the solution. Choose two.

A Use encrypted authentication.
B Use the SSL protocol.
C Use the EAP protocol.
D Use Basic authentication.

Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

A Configuration management
B Risk management
C Procurement management
D Change management

Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

A Business continuity plan development
B Business impact assessment
C Scope and plan initiation
D Plan approval and implementation

Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

A Vulnerability Assessment and Penetration Testing
B Security Certification and Accreditation (C&A)
C Change and Configuration Control
D Risk Adjustments

Which of the following statements is related with the first law of OPSEC?

A If you are not protecting it (the critical and sensitive information), the adversary wins!
B If you don't know what to protect, how do you know you are protecting it?
C If you don't know about your security resources you could not protect your network.
D If you don't know the threat, how do you know what to protect?

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly.
What type of security audit do you need to conduct to resolve the problem?

A Operational audit
B Dependent audit
C Non-operational audit
D Independent audit

Which of the following are examples of physical controls used to prevent unauthorized access to sensitive materials?

A Thermal alarm systems
B Closed circuit cameras
C Encryption
D Security Guards

Which of the following are the examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.

A Security awareness training
B Security policy
C Data Backup
D Auditing

Which of the following statements is related with the second law of OPSEC?

A If you are not protecting it (the critical and sensitive information), the adversary wins!
B If you don't know what to protect, how do you know you are protecting it?
C If you don't know about your security resources you could not protect your network.
D If you don't know the threat, how do you know what to protect?

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

A Data diddling
B Wiretapping
C Eavesdropping
D Spoofing

Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution. Which of the following data should be recorded in this documentation? Each correct answer represents a complete solution. Choose all that apply.

A Names of the victims
B Location of each incident
C Nature of harassment
D Date and time of incident

Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

A TLS
B PGP
C S/MIME
D IPSec

Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

A It performs vulnerability/threat analysis assessment.
B It identifies and generates IA requirements.
C It provides data needed to accurately assess IA readiness.
D It provides for entry and storage of individual system data.

Which of the following is the best method to stop vulnerability attacks on a Web server?

A Using strong passwords
B Configuring a firewall
C Implementing the latest virus scanner
D Installing service packs and updates

Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

A Managed level
B Defined level
C Fundamental level
D Repeatable level

Which of the following statements about system hardening are true? Each correct answer represents a complete solution. Choose two.

A It can be achieved by installing service packs and security updates on a regular basis.
B It is used for securing the computer hardware.
C It can be achieved by locking the computer room.
D It is used for securing an operating system.

Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

A Monitor and Control Risks
B Identify Risks
C Perform Qualitative Risk Analysis
D Perform Quantitative Risk Analysis

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

A Risk management plan
B Lessons learned documentation
C Risk register
D Stakeholder management strategy

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

A SSAA
B FITSAF
C FIPS
D TCSEC

Which of the following analysis provides a foundation for measuring investment of time, money and human resources required to achieve a particular outcome?

A Vulnerability analysis
B Cost-benefit analysis
C Gap analysis
D Requirement analysis

What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

A Scope Verification
B Project Management Information System
C Integrated Change Control
D Configuration Management System

You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

A Mitigation
B Sharing
C Acceptance
D Transference

CISSP-ISSMPPreview

About the CISSP-ISSMP Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26

CISSP-ISSMPPreview

About the CISSP-ISSMP Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26