Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

ISC2 Information Systems Security Management Professional Exam

Certification Provider: ISC2
Exam Name: Information Systems Security Management Professional
Duration: 150 Minutes
Number of questions in our database: 224
Exam Version: Mar. 20, 2024
Exam Official Topics:
  • Topic 1: Threat Intelligence and Incident Management/ Risk Management
  • Topic 2: Law, Ethics and Security Compliance Management/ Understand the general processes employed in the identification of system assets
  • Topic 3: Systems Lifecycle Management/ Contingency Management/ Apply metrics, budgeting, project management and management of security team
  • Topic 4: Leadership and Business Management/ Recommend a documented security program that includes security awareness
  • Topic 5: Recognize the laws, regulations, and supporting policies/ Understand the general processes employed in the identification of system assets
Disscuss ISC2 Information Systems Security Management Professional Topics, Questions or Ask Anything Related

Currently there are no comments in this discussion, be the first to comment!

Free ISC2 Information Systems Security Management Professional Exam Actual Questions

The questions for Information Systems Security Management Professional were last updated On Mar. 20, 2024

Question #1

Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

Reveal Solution Hide Solution
Correct Answer: B

Contingency plan is prepared and documented for emergency response, backup operations, and recovery maintained by an activity as the element of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency

situation. A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and 'triggers' for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption.

Answer option A is incorrect. A disaster recovery plan should contain data, hardware, and software that can be critical for a business. It should also include the plan for sudden loss such as hard disc crash. The business should use backup and data recovery utilities to limit the loss of data.

Answer option C is incorrect. The Continuity Of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government, providing survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization's essential. COOP is the procedure documented to ensure persistent critical operations throughout any period where normal operations are unattainable.

Answer option D is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster

or extended disruption. The logistical plan is called a business continuity plan.


Question #2

Fill in the blank with an appropriate word. _________ are used in information security to formalize security policies.

Reveal Solution Hide Solution
Correct Answer: A

Question #3

Which of the following rated systems of the Orange book has mandatory protection of the TCB?

Reveal Solution Hide Solution
Correct Answer: A

A B-rated system of the orange book has mandatory protection of the trusted computing base (TCB).

Trusted computing base (TCB) refers to hardware, software, controls, and processes that cause a computer system or network to be devoid of malicious software or hardware. Maintaining the trusted computing base (TCB) is essential for security policy to be implemented successfully.


Question #4

Sarah has created a site on which she publishes a copyrighted material. She is ignorant that she is infringing copyright. Is she guilty under copyright laws?

Reveal Solution Hide Solution
Correct Answer: B

Sarah is guilty under copyright laws because pleading ignorance of copyright infringement is not an excuse.

What is copyright?

A copyright is a form of intellectual property, which secures to its holder the exclusive right to produce copies of his or her works of original expression, such as a literary work, movie, musical work or sound recording, painting, photograph, computer program, or industrial design, for a defined, yet extendable, period of time. It does not cover ideas or facts. Copyright laws protect intellectual property from misuse by other individuals.


Question #5

Which of the following access control models are used in the commercial sector?

Each correct answer represents a complete solution. Choose two.

Reveal Solution Hide Solution
Correct Answer: B, D

The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

The Clark-Wilson security model provides a foundation for specifying and analyzing an integrity policy for a computing system.

Answer option C is incorrect. The Bell-LaPadula access control model is mainly used in military systems.

Answer option A is incorrect. There is no such access control model as Clark-Biba.



Unlock all Information Systems Security Management Professional Exam Questions with Advanced Practice Test Features:
  • Select Question Types you want
  • Set your Desired Pass Percentage
  • Allocate Time (Hours : Minutes)
  • Create Multiple Practice tests with Limited Questions
  • Customer Support
Get Full Access Now

Save Cancel