Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. CISSP-ISSMP

ISC CISSP-ISSMP Exam
CISSP-ISSMP Information Systems Security Management Professional (Page 7 )

Updated On: 12-Feb-2026
Page 7 of 45
PDF with 218 Questions

Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

  1. Monitor and Control Risks
  2. Identify Risks
  3. Perform Qualitative Risk Analysis
  4. Perform Quantitative Risk Analysis

Answer(s): A



Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

  1. Project contractual relationship with the vendor
  2. Project management plan
  3. Project communications plan
  4. Project scope statement

Answer(s): B



You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

  1. Risk management plan
  2. Lessons learned documentation
  3. Risk register
  4. Stakeholder management strategy

Answer(s): C



Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

  1. Vulnerability Assessment and Penetration Testing
  2. Security Certification and Accreditation (C&A)
  3. Change and Configuration Control
  4. Risk Adjustments

Answer(s): A,B,D



Which of the following can be prevented by an organization using job rotation and separation of duties policies?

  1. Collusion
  2. Eavesdropping
  3. Buffer overflow
  4. Phishing

Answer(s): A






Post your Comments and Discuss ISC CISSP-ISSMP exam prep with other Community members:

Join the CISSP-ISSMP Discussion