Free CISSP-ISSMP Practice Test – 2025 Updated

Which of the following is the correct order of digital investigations Standard Operating
Procedure (SOP)?

Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

Against which of the following does SSH provide protection? Each correct answer represents a complete solution. Choose two.

What is a stakeholder analysis chart?

Which of the following contract types is described in the statement below? "This contract type provides no incentive for the contractor to control costs and hence is rarely utilized."

Which of the following acts is a specialized privacy bill that affects any educational institution to accept any form of funding from the federal government?

A contract cannot have provisions for which one of the following?

You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. One of the employees of your organization asks you the purpose of the security awareness, training and education program. What will be your answer?

What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.

Which of the following analysis provides a foundation for measuring investment of time, money and human resources required to achieve a particular outcome?

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

Which of the following security models dictates that subjects can only access objects through applications?

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly.
What type of security audit do you need to conduct to resolve the problem?

Which of the following is the best method to stop vulnerability attacks on a Web server?

Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

Which of the following penetration testing phases involves reconnaissance or data gathering?

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

You work as a Senior Marketing Manger for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation who enquired the Network Administrator to acquire all relevant information regarding the malfunctioning.
The Network Administrator informed the incident response team that he was reviewing the security of the network which caused all these problems. Incident response team announced that this was a controlled event not an incident. Which of the following steps of an incident handling process was performed by the incident response team?

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demon, and even some samples. What type of a document should Ned send to the vendor?

Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?

You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

Which of the following steps is the initial step in developing an information security strategy?

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What is this called?

Which of the following types of evidence is considered as the best evidence?

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

Which of the following can be prevented by an organization using job rotation and separation of duties policies?

Fill in the blank with an appropriate phrase.________ models address specifications, requirements, and design, verification and validation, and maintenance activities.

Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems?

You are the project manager of the GHE Project. You have identified the following risks with the characteristics as shown in the following figure:

How much capital should the project set aside for the risk contingency reserve?

Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?

Which of the following relies on a physical characteristic of the user to verify his identity?

Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?

Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

Which of the following protocols is used with a tunneling protocol to provide security?

Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?