CISSP Information Systems Security Management Professional Exam: ISSMP
CertMagic Demo Edition
http://www.certmagic.com

ISSMP Exam


DESCRIPTION

CertMagic.com is a place where you can find various types of ISSMP exam certification preparation material. CertMagic's full range of study material for the ISSMP exam helps you to be fully prepared for the ISSMP exam and enter the exam centre with full confidence. We provide you easy, simple and updated study material. After preparing from the ISSMP material prepared by us, we guarantee you that you will be a certified professional. We guarantee that with CertMagic ISSMP study material, you will pass the Certification exam.



QUESTION: 1
Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

A. Configuration management
B. Risk management
C. Procurement management
D. Change management

Answer: A

Explanation:
Configuration management is a field of management that focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life. A Configuration Management System is a subsystem of the overall project management system. It is a collection of formal documented procedures used to identify and document the functional and physical characteristics of a product, result, service, or component of the project. It also controls any changes to such characteristics, and records and reports each change and its implementation status. It includes the documentation, tracking systems, and defined approval levels necessary for authorizing and controlling changes. Audits are performed as part of configuration management to determine if the requirements have been met.
Answer option C is incorrect. The procurement management plan defines more than just the procurement of team members, if needed. It defines how procurements will be planned and executed, and how the organization and the vendor will fulfill the terms of the contract.
Answer option B is incorrect. Risk management is used to identify, assess, and control risks. It includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.
Answer option D is incorrect. Change management is used to ensure that standardized methods and procedures are used for efficient handling of all changes.

QUESTION: 2
Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

A. TLS
B. PGP
C. S/MIME
D. IPSec


Answer: B, C

Explanation:
Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME) are two ways of sending secure e-mail messages over the Internet. Both use public key cryptography, where each user possesses two keys: a public key for encrypting and a private key for decrypting messages. Because PGP has evolved from a free distribution, it is more popular than S/MIME.
Answer option A is incorrect. Transport Layer Security (TLS) is an application layer protocol that uses a combination of public and symmetric key processing to encrypt data.
Answer option D is incorrect. Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password. IPSec cannot be used with Point-to-Point Tunneling Protocol (PPTP).

Reference: TechNet, Contents: "Ask Us About... Security, October 2000"

QUESTION: 3
You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation, which asked the Network Administrator to acquire all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team announced that this was a controlled event, not an incident. Which of the following steps of an incident handling process was performed by the incident response team?

A. Containment
B. Eradication
C. Preparation
D. Identification

Answer: D

Explanation:
According to the question, the incident response team announced that this was a controlled event, not an incident. The incident response team performed the identification step to rectify the incident. Identification is the first post-attack step in the incident handling process. In this phase of the incident handling process, the Incident Handler determines whether the incident exists or not. An incident is described as an event in a system or network that poses a threat to the environment. Identification of an incident becomes more difficult with the increase in the complexity of the attack. The Incident Handler should gather all facts and make decisions on the basis of those facts. The Incident Handler needs to identify the following characteristics of an attack before it can be properly processed.

QUESTION: 4
Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?

A. Cold sites arrangement
B. Business impact analysis
C. Duplicate processing facilities
D. Reciprocal agreements

Answer: D

Explanation:
Reciprocal agreements are arrangements between two or more organizations with similar equipment and applications. According to this agreement, organizations provide computer time to each other in the case of an emergency. These types of agreements are commonly made between organizations that have unique hardware or software that cannot be maintained at a hot or warm site.
Answer option B is incorrect. A business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies those threats that can impact the business continuity of operations. Such threats can be either natural or man-made. The BIA team should have a clear understanding of the organization, key business processes, and IT resources for assessing the risks associated with continuity. The BIA team should include senior management, IT personnel, and end users to identify all resources that are to be used during normal operations.
Answer option C is incorrect. Duplicate processing facilities work in the same manner as hot site facilities, with the exception that they are completely dedicated, self-developed recovery facilities. The duplicate facility holds the same equipment, operating systems, and applications and might have regularly synchronized data. Examples of duplicate processing facilities are large organizations that have multiple geographic locations.
Answer option A is incorrect. A cold site is a backup site in case a disaster has taken place in a data center. This is the least expensive disaster recovery solution, usually having only a single room with no equipment. All equipment is brought to the site after the disaster. It can be on site or off site.

QUESTION: 5
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?


A. Data diddling
B. Wiretapping
C. Eavesdropping
D. Spoofing

Answer: A

Explanation:
Data diddling involves changing data prior to or during input to a computer in an effort to commit fraud. It also refers to the act of intentionally modifying information, programs, or documentation.
Answer option C is incorrect. Eavesdropping is the process of listening in on private conversations. It also includes attackers listening in on network traffic. For example, it can be done over telephone lines (wiretapping), e-mail, instant messaging, and any other method of communication considered private.
Answer option D is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc., because forging the source IP address causes the responses to be misdirected.
Answer option B is incorrect. Wiretapping is an act of monitoring telephone and Internet conversations by a third party. It is only legal with prior consent. Legalized wiretapping is generally practiced by the police or any other recognized governmental authority.

Reference: "http://financial-dictionary.thefreedictionary.com/Data+diddling"

QUESTION: 6
Drag and drop the various evidences in the appropriate places.


Answer:

Explanation:
The various categories of evidence required in forensics can be divided into a number of categories, depending on their reliability, quality, and completeness. These categories are as follows:
Best evidence: It is the original or primary evidence rather than a copy or duplicate of the evidence.
Secondary evidence: It is a copy of the evidence or an oral description of its contents. It is not as reliable as the best evidence.
Direct evidence: It proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses.
Conclusive evidence: It is incontrovertible evidence, which overrides all other evidence.
Opinions: The following are the two types of opinions:
1. Expert: It offers an opinion based on personal expertise and facts.
2. Non-expert: It can testify only to facts.
Circumstantial evidence: It is the inference of information from other, intermediate, relevant facts.
Hearsay evidence: This evidence is commonly not admissible in court. It is third-party evidence. Computer-generated records and other business records fall under the category of hearsay evidence because these records cannot be proven accurate and reliable.

Reference: CISM Review Manual 2010, Contents: "Incident Management and Response"

QUESTION: 7
Which of the following penetration testing phases involves reconnaissance or data gathering?


A. Attack phase
B. Pre-attack phase
C. Post-attack phase
D. Out-attack phase

Answer: B

Explanation:
The pre-attack phase is the first step for a penetration tester. The pre-attack phase involves reconnaissance or data gathering. It also includes gathering data from Whois, DNS, and network scanning, which help in mapping a target network and provide valuable information regarding the operating system and applications running on the systems. Penetration testing involves locating the IP block and using domain name Whois to find personnel contact information.
Answer option A is incorrect. The attack phase is the most important phase of penetration testing. Different exploitive and responsive hacking tools are used to monitor and test the security of systems and the network. Some of the actions performed in the attack phase are as follows:
Penetrating the perimeter
Escalating privileges
Executing, implanting, and retracting
Answer option C is incorrect. The post-attack phase involves restoring the system to normal pre-test configurations. It includes removing files, cleaning registry entries, and removing shares and connections. Analyzing all the results and presenting them in a comprehensive report is also part of this phase. These reports include objectives, observations, all activities undertaken, and the results of test activities, and may recommend fixes for vulnerabilities.

QUESTION: 8
Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives related to the above phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three.

A. Resource requirements identification
B. Criticality prioritization
C. Down-time estimation
D. Performing vulnerability assessment

Answer: A, B, C


Explanation:
The main objectives of Business Impact Assessment (BIA) are as follows:
Criticality prioritization: All critical business unit processes must be identified and prioritized, and the impact of a disruptive event must be evaluated. Non-time-critical business processes will need a lower priority rating for recovery than time-critical business processes.
Down-time estimation: The Maximum Tolerable Downtime (MTD) is estimated with the help of the BIA. It is the longest period of time a critical process can remain interrupted that the business can tolerate and still remain a viable company; beyond it, the company can never recover. It is often found that this time period is much shorter than estimated during the BIA process. This means that the company can tolerate only a much briefer period of interruption than was previously thought.
Resource requirements identification: The identification of the required resources for the critical processes is also performed at this time, with the most time-sensitive processes receiving the most resource allocation.
Answer option D is incorrect. This is an invalid answer because performing a vulnerability assessment is a step taken by the BIA to achieve the above-mentioned goals.

QUESTION: 9
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

A. Business continuity plan
B. Disaster recovery plan
C. Continuity of Operations Plan
D. Contingency plan

Answer: D

Explanation:
A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and triggers for initiating planned actions.
Answer option B is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.
Answer option A is incorrect. A business continuity plan deals with the plans and procedures that identify and prioritize the critical business functions that must be preserved.
Answer option C is incorrect. A Continuity of Operations Plan includes the documented plans and procedures that ensure the continuity of critical operations during any period where normal operations are impossible.


QUESTION: 10
Which of the following protocols is used with a tunneling protocol to provide security?

A. FTP
B. IPX/SPX
C. IPSec
D. EAP

Answer: C

Explanation:
Internet Protocol Security (IPSec) is used with Layer 2 Tunneling Protocol (L2TP). It is a standard-based protocol that provides the highest level of virtual private network (VPN) security. IPSec can encrypt virtually everything above the networking layer. It secures both data and password.

QUESTION: 11
Which of the following subphases are defined in the maintenance phase of the life cycle models?

A. Change control
B. Configuration control
C. Request control
D. Release control

Answer: A, C, D

Explanation:
The subphases of the maintenance phase in the life cycle model are as follows:
Request control: This phase manages the users' requests for changes to the software product and gathers information that can be used for managing this activity.
Change control: This phase is the most important step in the maintenance phase. Various issues are addressed by the change control phase. Some of them are as follows:
1. Recreating and analyzing the problem
2. Developing the changes and corresponding tests
3. Performing quality control
Release control: It is associated with issuing the latest release of the software. The release control phase involves deciding which requests will be included in the new release, archiving of the release, configuration management, quality control, distribution, and acceptance testing.
Answer option B is incorrect. This is not a valid option.

Reference: CISM Review Manual 2010, Contents: "Information security process management"

QUESTION: 12
Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

A. Non-repudiation
B. Confidentiality
C. Authentication
D. Integrity

Answer: A

Explanation:
Non-repudiation is a mechanism which proves that the sender really sent a message. It provides evidence of the identity of the sender and message integrity. It also prevents a person from denying the submission or delivery of the message and the integrity of its contents.
Answer option C is incorrect. Authentication is the process of verifying the identity of a person or network host.
Answer option B is incorrect. Confidentiality ensures that no one can read a message except the intended receiver.
Answer option D is incorrect. Integrity assures the receiver that the received message has not been altered in any way from the original.

Reference: "http://en.wikipedia.org/wiki/Non-repudiation"

QUESTION: 13
Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

A. It performs vulnerability/threat analysis assessment.
B. It identifies and generates IA requirements.
C. It provides data needed to accurately assess IA readiness.
D. It provides for entry and storage of individual system data.


Answer: A, B, C

Explanation:
The characteristics of the DIAP Information Readiness Assessment function are as follows:
It provides data needed to accurately assess IA readiness.
It identifies and generates IA requirements.
It performs vulnerability/threat analysis assessment.
Answer option D is incorrect. It is a function performed by the ASSET system.

Reference: CISM Review Manual 2010, Contents: "Information Security Program Development"

QUESTION: 14
Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?

A. Code Security law
B. Trademark laws
C. Copyright laws
D. Patent laws

Answer: D

Explanation:
Patent laws are used to protect against the duplication of software. Software patents cover the algorithms and techniques that are used in creating the software. They do not cover the entire program of the software. Patents give the author the right to make and sell his product. The term of a patent on a product is limited, though, i.e., the author of the product has the right to use the patent for only a specific length of time.
Answer option C is incorrect. Copyright laws protect original works or creations of authorship including literary, dramatic, musical, artistic, and certain other intellectual works.

QUESTION: 15
Which of the following is the best method to stop vulnerability attacks on a Web server?

A. Using strong passwords
B. Configuring a firewall
C. Implementing the latest virus scanner
D. Installing service packs and updates

Answer: D

Explanation:
A vulnerability attack takes advantage of the vulnerabilities in an operating system or software service by entering the operating system and disrupting its working. The best way to counter such attacks is to keep the operating system updated with the latest service packs and updates.
Answer option B is incorrect. Configuring a firewall is helpful against Denial-of-Service attacks.
Answer option A is incorrect. Using strong passwords is helpful in countering brute force attacks.
Answer option C is incorrect. Virus scanners are used to protect computers from viruses. They do not help protect computers from attacks.

QUESTION: 16
Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

A. Managed level
B. Defined level
C. Fundamental level
D. Repeatable level

Answer: C

Explanation:
Fundamental level is not a valid maturity level in the Software Capability Maturity Model (CMM). The maturity levels of CMM are as follows:
1. Initiating level: At this level, processes are performed on an ad hoc basis.
2. Repeatable level: At this level, project management practices are institutionalized.
3. Defined level: At this level, technical practices are integrated with institutionalized management practices.
4. Managed level: At this level, product and process are quantitatively controlled.
5. Optimizing level: At this level, process improvement is institutionalized.

QUESTION: 17
Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?


A. Emergency-management team
B. Damage-assessment team
C. Off-site storage team
D. Emergency action team

Answer: D

Explanation:
The primary goal of the emergency action team of the BCP team is to evacuate personnel and secure human life. It is the first responder and deals with the immediate effects of the disaster.
Answer option B is incorrect. The damage-assessment team assesses the damage immediately following the disaster, to provide the estimate of time to recover.
Answer option A is incorrect. The emergency-management team handles key decision making and directs recovery teams and business personnel. It also handles financial arrangements, public relations, and media inquiries.
Answer option C is incorrect. The off-site storage team is responsible for obtaining, packaging, and shipping media and records to the recovery facilities.

Reference: ISACA Online Help Manual, Contents: "Business Continuity and Disaster Recovery"

QUESTION: 18
Which of the following security models dictates that subjects can only access objects through applications?

A. Biba-Clark model
B. Bell-LaPadula
C. Clark-Wilson
D. Biba model

Answer: C

Explanation:
The Clark-Wilson security model dictates that subjects can only access objects through applications.
Answer option D is incorrect. The Biba model does not let subjects write to objects at a higher integrity level.
Answer option B is incorrect. The Bell-LaPadula model has a simple security rule, which means a subject cannot read data from a higher level.
Answer option A is incorrect. There is no such model as the Biba-Clark model.

Reference: "http://en.wikipedia.org/wiki/Clark-Wilson_model"

QUESTION: 19
Which of the following relies on a physical characteristic of the user to verify his identity?

A. Social Engineering
B. Kerberos v5
C. Biometrics
D. CHAP

Answer: C

Explanation:
Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities, to identify a user. Nowadays, the usage of biometric devices such as hand scanners and retinal scanners is becoming more common in the business environment.
Answer option B is incorrect. Kerberos v5 is an authentication method used by Windows operating systems to authenticate users and network services. Windows 2000/2003 and XP clients and servers use Kerberos v5 as the default authentication method. Kerberos has replaced the NT LAN Manager (NTLM) authentication method, which was less secure. Kerberos uses mutual authentication to verify both the identity of the user and network services. The Kerberos authentication process is transparent to the users.
Note: Kerberos v5 is not supported on Windows XP Home clients or on any clients that are not members of an Active Directory domain.
Answer option A is incorrect. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method relies on the mental ability of the people to trick someone rather than on their technical skills. A user should always distrust people who ask him for his account name or password, computer name, IP address, employee ID, or other information that can be misused.
Answer option D is incorrect. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol that uses a secure form of encrypted authentication. Using CHAP, network dial-up connections are able to securely connect to almost all PPP servers.

QUESTION: 20
Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.


A. Data downloading from the Internet
B. File and object access
C. Network logons and logoffs
D. Printer access

Answer: B, C, D

Explanation:
The following types of activities can be audited:
Network logons and logoffs
File access
Printer access
Remote access service
Application usage
Network services
Auditing is used to track user accounts for file and object access, logon attempts, system shutdown, etc. This enhances the security of the network. Before enabling security auditing, the type of event to be audited should be specified in the audit policy. Auditing is an essential component in maintaining the security of deployed systems. Security auditing depends on the criticality of the environment and on the company's security policy. The security system should be reviewed periodically.
Answer option A is incorrect. Data downloading from the Internet cannot be audited.
