Free Preparation Discussions
MENU
ISC2 Information Systems Security Management Professional Exam
- Topic 1: Threat Intelligence and Incident Management/ Risk Management
- Topic 2: Law, Ethics and Security Compliance Management/ Understand the general processes employed in the identification of system assets
- Topic 3: Systems Lifecycle Management/ Contingency Management/ Apply metrics, budgeting, project management and management of security team
- Topic 4: Leadership and Business Management/ Recommend a documented security program that includes security awareness
- Topic 5: Recognize the laws, regulations, and supporting policies/ Understand the general processes employed in the identification of system assets
Free ISC2 Information Systems Security Management Professional Exam Actual Questions
The questions for Information Systems Security Management Professional were last updated On Nov. 23, 2023
Which of the following access control models are used in the commercial sector?
Each correct answer represents a complete solution. Choose two.
The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.
The Clark-Wilson security model provides a foundation for specifying and analyzing an integrity policy for a computing system.
Answer option C is incorrect. The Bell-LaPadula access control model is mainly used in military systems.
Answer option A is incorrect. There is no such access control model as Clark-Biba.
An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?
Monitoring the computer hard disks or e-mails of employees pertains to the privacy policy of an organization.
Answer option B is incorrect. The backup policy of a company is related to the backup of its data.
Answer option A is incorrect. The network security policy is related to the security of a company's network.
Answer option D is incorrect. The user password policy is related to passwords that users provide to log on to the network.
Sarah has created a site on which she publishes a copyrighted material. She is ignorant that she is infringing copyright. Is she guilty under copyright laws?
Sarah is guilty under copyright laws because pleading ignorance of copyright infringement is not an excuse.
What is copyright?
A copyright is a form of intellectual property, which secures to its holder the exclusive right to produce copies of his or her works of original expression, such as a literary work, movie, musical work or sound recording, painting, photograph, computer program, or industrial design, for a defined, yet extendable, period of time. It does not cover ideas or facts. Copyright laws protect intellectual property from misuse by other individuals.
Tomas is the project manager of the QWS Project and is worried that the project stakeholders will want to change the project scope frequently. His fear is based on the many open issues in the project and how the resolution of the issues may lead to additional project changes. On what document are Tomas and the stakeholders working in this scenario?
The change management plan defines how the change control system works and the proper channels and procedures manages changes within the project. Change control system, a part of the configuration management system, is a collection of formal documented procedures that
define how project deliverables and documentation will be controlled, changed, and approved.
Answer option C is incorrect. The issue log is a document that records all issues, their characteristics, and status.
Answer option A is incorrect. The communications management plan defines who needs what information, when the information is needed, and the modality the information is to be communicated in.
Answer option D is incorrect. The risk management plan defines how risk will be managed within the project.
You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?
Physical Configuration Audit (PCA) is one of the practices used in Software Configuration Management for Software Configuration Auditing. The purpose of the software PCA is to ensure that the design and reference documentation is consistent with the as-built software product. PCA checks and matches the really implemented layout with the documented layout.
Answer option D is incorrect. Functional Configuration Audit or FCA is one of the practices used in Software Configuration Management for Software Configuration Auditing. FCA occurs either at delivery or at the moment of effecting the change. A Functional Configuration Audit ensures that functional and performance attributes of a configuration item are achieved.
Answer option C is incorrect. Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes.
Answer option A is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Submit Cancel