ISC2 Information Systems Security Management Professional Exam

Certification Provider: ISC2
Exam Name: Information Systems Security Management Professional
Duration: 150 Minutes
Number of questions in our database: 224
Exam Version: Nov. 23, 2023
Exam Official Topics:
  • Topic 1: Threat Intelligence and Incident Management/ Risk Management
  • Topic 2: Law, Ethics and Security Compliance Management/ Understand the general processes employed in the identification of system assets
  • Topic 3: Systems Lifecycle Management/ Contingency Management/ Apply metrics, budgeting, project management and management of security team
  • Topic 4: Leadership and Business Management/ Recommend a documented security program that includes security awareness
  • Topic 5: Recognize the laws, regulations, and supporting policies/ Understand the general processes employed in the identification of system assets

Free ISC2 Information Systems Security Management Professional Exam Actual Questions

The questions for Information Systems Security Management Professional were last updated On Nov. 23, 2023

Question #1

Which of the following access control models are used in the commercial sector?

Each correct answer represents a complete solution. Choose two.

Correct Answer: B, D

The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

The Clark-Wilson security model provides a foundation for specifying and analyzing an integrity policy for a computing system.

Answer option C is incorrect. The Bell-LaPadula access control model is mainly used in military systems.

Answer option A is incorrect. There is no such access control model as Clark-Biba.


Question #2

An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

Correct Answer: C

Monitoring the computer hard disks or e-mails of employees pertains to the privacy policy of an organization.

Answer option B is incorrect. The backup policy of a company is related to the backup of its data.

Answer option A is incorrect. The network security policy is related to the security of a company's network.

Answer option D is incorrect. The user password policy is related to passwords that users provide to log on to the network.


Question #3

Sarah has created a site on which she publishes copyrighted material. She is unaware that she is infringing copyright. Is she guilty under copyright laws?

Correct Answer: B

Sarah is guilty under copyright laws because pleading ignorance of copyright infringement is not an excuse.

What is copyright?

A copyright is a form of intellectual property, which secures to its holder the exclusive right to produce copies of his or her works of original expression, such as a literary work, movie, musical work or sound recording, painting, photograph, computer program, or industrial design, for a defined, yet extendable, period of time. It does not cover ideas or facts. Copyright laws protect intellectual property from misuse by other individuals.


Question #4

Tomas is the project manager of the QWS Project and is worried that the project stakeholders will want to change the project scope frequently. His fear is based on the many open issues in the project and how the resolution of the issues may lead to additional project changes. On what document are Tomas and the stakeholders working in this scenario?

Correct Answer: B

The change management plan defines how the change control system works and the proper channels and procedures for managing changes within the project. The change control system, a part of the configuration management system, is a collection of formal documented procedures that define how project deliverables and documentation will be controlled, changed, and approved.

Answer option C is incorrect. The issue log is a document that records all issues, their characteristics, and status.

Answer option A is incorrect. The communications management plan defines who needs what information, when the information is needed, and the modality the information is to be communicated in.

Answer option D is incorrect. The risk management plan defines how risk will be managed within the project.


Question #5

You work as the Senior Project Manager at Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?

Correct Answer: B

Physical Configuration Audit (PCA) is one of the practices used in Software Configuration Management for Software Configuration Auditing. The purpose of the software PCA is to ensure that the design and reference documentation is consistent with the as-built software product. PCA checks the actually implemented layout against the documented layout.

Answer option D is incorrect. Functional Configuration Audit or FCA is one of the practices used in Software Configuration Management for Software Configuration Auditing. FCA occurs either at delivery or at the moment of effecting the change. A Functional Configuration Audit ensures that functional and performance attributes of a configuration item are achieved.

Answer option C is incorrect. Configuration control is a procedure of configuration management. Configuration control is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes.

Answer option A is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.
