CISSP-ISSEP Exam - Information Systems Security Engineering Professional

NEW QUESTION 1
Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers?

  • A. Manufacturing Extension Partnership
  • B. Baldrige National Quality Program
  • C. Advanced Technology Program
  • D. NIST Laboratories

Answer: B

NEW QUESTION 2
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

  • A. Quantitative risk analysis
  • B. Risk audits
  • C. Requested changes
  • D. Qualitative risk analysis

Answer: C

NEW QUESTION 3
Fill in the blank with an appropriate phrase. The ________ is the process of translating system requirements into detailed function criteria.

  • A. functional analysis

Answer: A

NEW QUESTION 4
Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

  • A. Chief Information Officer
  • B. Authorizing Official
  • C. Common Control Provider
  • D. Senior Agency Information Security Officer

Answer: C

NEW QUESTION 5
Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

  • A. Auditing
  • B. Initiation
  • C. Continuous Monitoring
  • D. Detection

Answer: BC

NEW QUESTION 6
Which of the following statements is true about residual risks?

  • A. It can be considered as an indicator of threats coupled with vulnerability.
  • B. It is a weakness or lack of safeguard that can be exploited by a threat.
  • C. It is the probabilistic risk after implementing all security measures.
  • D. It is the probabilistic risk before implementing all security measures.

Answer: C

NEW QUESTION 7
Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users?

  • A. Information Assurance (IA)
  • B. Information Systems Security Engineering (ISSE)
  • C. Information Protection Policy (IPP)
  • D. Information systems security (InfoSec)

Answer: D

NEW QUESTION 8
Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?

  • A. NSTISSP No. 11
  • B. NSTISSP No. 101
  • C. NSTISSP No. 7
  • D. NSTISSP No. 6

Answer: D

NEW QUESTION 9
Which of the following assessment methodologies defines a six-step technical security evaluation?

  • A. FITSAF
  • B. OCTAVE
  • C. FIPS 102
  • D. DITSCAP

Answer: C

NEW QUESTION 10
Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address?

  • A. Circuit-level gateway
  • B. Application gateway
  • C. Proxy server
  • D. Packet Filtering

Answer: D

NEW QUESTION 11
Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?

  • A. Lanham Act
  • B. FISMA
  • C. Computer Fraud and Abuse Act
  • D. Computer Misuse Act

Answer: B

NEW QUESTION 12
Fill in the blank with an appropriate phrase. ________ is used to verify and accredit systems by making a standard process, set of activities, general tasks, and management structure.

  • A. DITSCAP/NIACAP

Answer: A

NEW QUESTION 13
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?

  • A. MAC I
  • B. MAC II
  • C. MAC III
  • D. MAC IV

Answer: B

NEW QUESTION 14
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

  • A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  • C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: BC

NEW QUESTION 15
Which of the following CNSS policies describes the national policy on securing voice communications?

  • A. NSTISSP No. 6
  • B. NSTISSP No. 7
  • C. NSTISSP No. 101
  • D. NSTISSP No. 200

Answer: C

NEW QUESTION 16
You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system?

  • A. Post Accreditation
  • B. Definition
  • C. Verification
  • D. Validation

Answer: B

NEW QUESTION 17
Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

  • A. Risk Adjustments
  • B. Security Certification and Accreditation (C&A)
  • C. Vulnerability Assessment and Penetration Testing
  • D. Change and Configuration Control

Answer: ABC
