ISC CISSP-ISSMP Actual Free Exam Questions & Community Discussion

Exam Code/Number: CISSP-ISSMP
Exam Name/Title: CISSP-ISSMP - Information Systems Security Management Professional
Certification Provider: ISC
Corresponding Certification: CISSP Concentrations

Exam Questions: 218
Updated On: May 30, 2026

Question #19

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

A. Risk register

B. Risk management plan

C. Stakeholder management strategy

D. Lessons learned documentation

Discussion 0

Correct Answer: A Vote an answer

Question #20

You work as a project manager for SoftTech Inc. A threat with a dollar value of $150,000 is expected to happen in your project and the frequency of threat occurrence per year is 0.001. What will be the annualized loss expectancy in your project?

A. $100

B. $150

C. $180.25

D. $120

Discussion 0

Correct Answer: B Vote an answer

Question #21

In which of the following contract types, the seller is reimbursed for all allowable costs for performing the contract work and receives a fixed fee payment which is calculated as a percentage of the initial estimated project costs?

A. Cost Plus Incentive Fee Contracts

B. Cost Plus Fixed Fee Contracts

C. Fixed Price Incentive Fee Contracts

D. Firm Fixed Price Contracts

Discussion 0

Correct Answer: B Vote an answer

Question #22

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

A. Continuity of Operations Plan

B. Business continuity plan

C. Disaster recovery plan

D. Contingency plan

Discussion 0

Correct Answer: D Vote an answer

Question #23

Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

A. Network logons and logoffs

B. Printer access

C. Data downloading from the Internet

D. File and object access

Discussion 0

Correct Answer: A,B,D Vote an answer

Question #24

Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?

A. Duplicate processing facilities

B. Cold sites arrangement

C. Reciprocal agreements

D. Business impact analysis

Discussion 0

Correct Answer: C Vote an answer

Question #25

Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

A. Contingency Plan

B. Business Continuity Plan

C. Disaster Recovery Plan

D. Continuity Of Operations Plan

Discussion 0

Correct Answer: A Vote an answer

Question #26

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

A. Integrity

B. Authenticity

C. Confidentiality

D. Availability

Discussion 0

Correct Answer: C Vote an answer

Question #27

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

A. Risk control

B. Building Risk free systems

C. Risk identification

D. Assuring the integrity of organizational data

Discussion 0

Correct Answer: A,C Vote an answer

Download Free ISC CISSP-ISSMP Demo

Simply submit your e-mail address below to get started with our free demo of your ISC CISSP-ISSMP exam.