ISSMP Online Practice Questions and Answers

Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following? 1.To account for all IT assets 2.To provide precise information support to other ITIL disciplines 3.To provide a solid base only for Incident and Problem Management 4.To verify configuration records and correct any exceptions

A. 1, 3, and 4 only

B. 2 and 4 only

C. 1, 2, and 4 only

D. 2, 3, and 4 only

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

A. Risk register

B. Risk management plan

C. Quality management plan

D. Project charter

Which of the following backup sites takes the longest recovery time?

A. Cold site

B. Hot site

C. Warm site

D. Mobile backup site

Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

A. Social engineering

B. Smurf

C. Denial-of-Service

D. Man-in-the-middle

You work as a Forensic Investigator. Which of the following rules will you follow while working on a case? Each correct answer represents a part of the solution. Choose all that apply.

A. Prepare a chain of custody and handle the evidence carefully.

B. Examine original evidence and never rely on the duplicate evidence.

C. Never exceed the knowledge base of the forensic investigation.

D. Follow the rules of evidence and never temper with the evidence.

DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.

A. System Definition

B. Accreditation

C. Verification

D. Re-Accreditation

E. Validation

F. Identification

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

A. Initial analysis, request for service, data collection, data reporting, data analysis

B. Initial analysis, request for service, data collection, data analysis, data reporting

C. Request for service, initial analysis, data collection, data analysis, data reporting

D. Request for service, initial analysis, data collection, data reporting, data analysis

You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?

A. Cold site

B. Off site

C. Hot site

D. Warm site

Which of the following statements best explains how encryption works on the Internet?

A. Encryption encodes information using specific algorithms with a string of numbers known as a key.

B. Encryption validates a username and password before sending information to the Web server.

C. Encryption allows authorized users to access Web sites that offer online shopping.

D. Encryption helps in transaction processing by e-commerce servers on the Internet.

Which of the following security models deal only with integrity? Each correct answer represents a complete solution. Choose two.

A. Biba-Wilson

B. Clark-Wilson

C. Bell-LaPadula

D. Biba