ISC ISSMP Exam Questions

Questions for the ISSMP were updated on: Dec 26, 2025

Page 1 out of 15. Viewing questions 1-15 out of 218

Question 1

Which of the following access control models are used in the commercial sector? Each correct
answer represents a complete solution. Choose two.

  • A. Clark-Biba model
  • B. Clark-Wilson model
  • C. Bell-LaPadula model
  • D. Biba model
Answer:

B, D


Question 2

In which of the following mechanisms does an authority, within limitations, specify what objects can
be accessed by a subject?

  • A. Role-Based Access Control
  • B. Discretionary Access Control
  • C. Task-based Access Control
  • D. Mandatory Access Control
Answer:

B


Question 3

You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project
using configuration management and has completed 70% of it. You need to ensure that the network
infrastructure devices and networking standards used in this project are installed in accordance with
the requirements of its detailed project design documentation. Which of the following procedures
will you employ to accomplish the task?

  • A. Configuration identification
  • B. Physical configuration audit
  • C. Configuration control
  • D. Functional configuration audit
Answer:

B


Question 4

Which of the following can be done over telephone lines, e-mail, instant messaging, and any other
method of communication considered private?

  • A. Shielding
  • B. Spoofing
  • C. Eavesdropping
  • D. Packaging
Answer:

C


Question 5

Which of the following concepts represent the three fundamental principles of information security?
Each correct answer represents a complete solution. Choose three.

  • A. Confidentiality
  • B. Integrity
  • C. Availability
  • D. Privacy
Answer:

A, B, C


Question 6

Which of the following plans is designed to protect critical business processes from natural or man-
made failures or disasters and the resultant loss of capital due to the unavailability of normal
business processes?

  • A. Business continuity plan
  • B. Crisis communication plan
  • C. Contingency plan
  • D. Disaster recovery plan
Answer:

A


Question 7

Which of the following models uses a directed graph to specify the rights that a subject can transfer
to an object or that a subject can take from another subject?

  • A. Take-Grant Protection Model
  • B. Bell-LaPadula Model
  • C. Biba Integrity Model
  • D. Access Matrix
Answer:

A


Question 8

Sarah has created a site on which she publishes copyrighted material. She is unaware that she is
infringing copyright. Is she guilty under copyright laws?

  • A. No
  • B. Yes
Answer:

B


Question 9

An organization monitors the hard disks of its employees' computers from time to time. Which policy
does this pertain to?

  • A. Network security policy
  • B. Backup policy
  • C. Privacy policy
  • D. User password policy
Answer:

C


Question 10

Which of the following is a name, symbol, or slogan with which a product is identified?

  • A. Copyright
  • B. Trademark
  • C. Trade secret
  • D. Patent
Answer:

B


Question 11

Which of the following processes is used by remote users to make a secure connection to internal
resources after establishing an Internet connection?

  • A. Packet filtering
  • B. Tunneling
  • C. Packet sniffing
  • D. Spoofing
Answer:

B


Question 12

In which of the following alternative processing sites is the backup facility maintained in a constant
order, with a full complement of servers, workstations, and communication links ready to assume
the primary operations responsibility?

  • A. Mobile Site
  • B. Cold Site
  • C. Warm Site
  • D. Hot Site
Answer:

D


Question 13

Which of the following are known as the three laws of OPSEC? Each correct answer represents a part
of the solution. Choose three.

  • A. If you don't know the threat, how do you know what to protect?
  • B. If you don't know what to protect, how do you know you are protecting it?
  • C. If you are not protecting it (the critical and sensitive information), the adversary wins!
  • D. If you don't know about your security resources you cannot protect your network.
Answer:

A, B, C


Question 14

Fill in the blank with an appropriate word. _________ are used in information security to formalize
security policies.

  • A. Models.
Answer:

A


Question 15

You work as the project manager for Bluewell Inc. You are working on the NGQQ Project for your
company. You have completed the risk analysis processes for the risk events. You and the project
team have created risk responses for most of the identified project risks. Which of the following risk
response planning techniques will you use to shift the impact of a threat to a third party, together
with the responses?

  • A. Risk mitigation
  • B. Risk acceptance
  • C. Risk avoidance
  • D. Risk transference
Answer:

D
