最新的CISSP Concentrations認證 CISSP-ISSMP考試題庫

問題1

Which of the following needs to be documented to preserve evidences for presentation in court?

A. Account lockout policy

B. Separation of duties

C. Incident response policy

D. Chain of custody

正確答案: D

問題2

NIST Special Publication 800-50 is a security awareness program. It is designed for those people who are currently working in the information technology field and want information on security policies. Which of the following are some of its critical steps? Each correct answer represents a complete solution. Choose two.

A. Awareness and Training Material Implementation

B. Awareness and Training Program Design

C. Awareness and Training Material Development

D. Awareness and Training Material Effectiveness

正確答案: B,C

問題3

Which of the following is a name, symbol, or slogan with which a product is identified?

A. Trademark

B. Patent

C. Trade secret

D. Copyright

正確答案: A

問題4

In which of the following phases of the SDLC does the software and other components of the system faithfully incorporate the design specifications and provide proper documentation and training?

A. Evaluation and acceptance

B. Initiation

C. Programming andtraining

D. Design

正確答案: C

問題5

Which of the following acts is a specialized privacy bill that affects any educational institution to accept any form of funding from the federal government?

A. FERPA

B. HIPAA

C. COPPA

D. GLBA

正確答案: A

問題6

Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.

A. Editor

B. Owner

C. Security auditor

D. Custodian

E. User

正確答案: B,C,D,E

問題7

Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

A. It ensures that unauthorized modifications are not made to data by authorized personnel orprocesses.

B. It determines the actions and behaviors of a single individual within a system

C. It ensures that modifications are not made to data by unauthorized personnel or processes.

D. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.

正確答案: A,C,D

問題8

Which of the following rated systems of the Orange book has mandatory protection of the TCB?

A. A-rated

B. B-rated

C. C-rated

D. D-rated

正確答案: B

問題9

A contract cannot have provisions for which one of the following?

A. Penalties and fines for disclosure of intellectual rights

B. Subcontracting the work

C. Illegal activities

D. A deadline for the completion of the work

正確答案: C

問題10

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

A. Availability

B. Non-repudiation

C. Confidentiality

D. Integrity

正確答案: D

問題11

Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

A. Denial-of-Service

B. Smurf

C. Social engineering

D. Man-in-the-middle

正確答案: C

最新的ISC CISSP-ISSMP - Information Systems Security Management Professional - CISSP-ISSMP免費考試真題

最新更新

站內鏈接

聯系我們