Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

CISSP-ISSMP by ISC - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Which of the following are examples of physical controls used to prevent unauthorized access to sensitive materials?

A Thermal alarm systems
B Closed circuit cameras
C Encryption
D Security Guards

Question 4

Which of the following security issues does the Bell-La Padula model focus on?

A Authentication
B Confidentiality
C Integrity
D Authorization

Question 5

Which of the following are the examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.

A Security awareness training
B Security policy
C Data Backup
D Auditing

Question 6

Which of the following laws enacted in United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?

A Child Pornography Prevention Act (CPPA)
B USA PATRIOT Act
C Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)
D Sexual Predators Act

Question 7

You work as a Web Administrator for Perfect World Inc. The company is planning to host an E-commerce Web site. You are required to design a security plan for it. Client computers with different operating systems will access the Web server. How will you configure the Web server so that it is secure and only authenticated users are able to access it? Each correct answer represents a part of the solution. Choose two.

A Use encrypted authentication.
B Use the SSL protocol.
C Use the EAP protocol.
D Use Basic authentication.

Question 8

Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

A It performs vulnerability/threat analysis assessment.
B It identifies and generates IA requirements.
C It provides data needed to accurately assess IA readiness.
D It provides for entry and storage of individual system data.

Question 9

Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

A Quantitative analysis
B Contingency reserve
C Risk response
D Risk response plan

Question 10

Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?

A Code Security law
B Trademark laws
C Copyright laws
D Patent laws

Question 11

Which of the following is the best method to stop vulnerability attacks on a Web server?

A Using strong passwords
B Configuring a firewall
C Implementing the latest virus scanner
D Installing service packs and updates

Question 12

Which of the following rate systems of the Orange book has no security controls?

A D-rated
B C-rated
C E-rated
D A-rated

Question 13

What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?

A ZOPA
B PON
C Bias
D BATNA

Question 14

Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

A Managed level
B Defined level
C Fundamental level
D Repeatable level

Question 15

Which of the following statements is related with the second law of OPSEC?

A If you are not protecting it (the critical and sensitive information), the adversary wins!
B If you don't know what to protect, how do you know you are protecting it?
C If you don't know about your security resources you could not protect your network.
D If you don't know the threat, how do you know what to protect?

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 3 • Questions 1-25 of 73

1 2 3

→

Know a question that should be here? Contribute to this exam

Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

A Configuration management
B Risk management
C Procurement management
D Change management

Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

A Non-repudiation
B Confidentiality
C Authentication
D Integrity