CISSP-ISSEP Exam - Information Systems Security Engineering Professional

Check CISSP-ISSEP free dumps before getting the full version:

NEW QUESTION 1
Which of the following are functional analysis and allocation tools? Each correct answer represents a complete solution. Choose all that apply.

  • A. Functional flow block diagram (FFBD)
  • B. Activity diagram
  • C. Timeline analysis diagram
  • D. Functional hierarchy diagram

Answer: ACD

NEW QUESTION 2
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  • A. Security operations
  • B. Continue to review and refine the SSAA
  • C. Change management
  • D. Compliance validation
  • E. System operations
  • F. Maintenance of the SSAA

Answer: ACDEF

NEW QUESTION 3
Which of the following certification levels requires the completion of the minimum security checklist and more in-depth, independent analysis?

  • A. CL 3
  • B. CL 4
  • C. CL 2
  • D. CL 1

Answer: A

NEW QUESTION 4
The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about the ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

  • A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • B. An ISSE provides advice on the impacts of system changes.
  • C. An ISSE provides advice on the continuous monitoring of the information system.
  • D. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • E. An ISSO takes part in the development activities that are required to implement system changes.

Answer: BCD

NEW QUESTION 5
Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure?

  • A. Manufacturing Extension Partnership
  • B. NIST Laboratories
  • C. Baldrige National Quality Program
  • D. Advanced Technology Program

Answer: B

NEW QUESTION 6
You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirements are that your solution must use the RSA algorithm. Which of the following is your best choice?

  • A. PGP
  • B. S/MIME
  • C. DES
  • D. Blowfish

Answer: B

NEW QUESTION 7
Which of the following NIST documents states that minimizing negative impact on an organization and the need for a sound basis in decision making are the fundamental reasons organizations implement a risk management process for their IT systems?

  • A. NIST SP 800-37
  • B. NIST SP 800-30
  • C. NIST SP 800-53
  • D. NIST SP 800-60

Answer: B

NEW QUESTION 8
Which of the following acts promote a risk-based policy for cost-effective security? Each correct answer represents a part of the solution. Choose all that apply.

  • A. Clinger-Cohen Act
  • B. Lanham Act
  • C. Paperwork Reduction Act (PRA)
  • D. Computer Misuse Act

Answer: AC

NEW QUESTION 9
Which of the following describe studies of a technical nature that are of interest to a focused audience, and consist of interim or final reports on work performed by NIST for external sponsors, including government and non-government sponsors?

  • A. Federal Information Processing Standards (FIPS)
  • B. Special Publication (SP)
  • C. NISTIRs (Internal Reports)
  • D. DIACAP

Answer: C

NEW QUESTION 10
Which of the following are ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

  • A. PGP
  • B. S/MIME
  • C. TLS
  • D. IPSec

Answer: AB

NEW QUESTION 11
Which of the following roles is also known as the accreditor?

  • A. Data owner
  • B. Chief Information Officer
  • C. Chief Risk Officer
  • D. Designated Approving Authority

Answer: D

NEW QUESTION 12
Which of the following individuals reviews and approves project deliverables from a QA perspective?

  • A. Information systems security engineer
  • B. System owner
  • C. Quality assurance manager
  • D. Project manager

Answer: C

NEW QUESTION 13
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.

  • A. What is being secured
  • B. Who is expected to comply with the policy
  • C. Where is the vulnerability, threat, or risk
  • D. Who is expected to exploit the vulnerability

Answer: ABC

NEW QUESTION 14
You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram?

  • A. Activity diagram
  • B. Functional flow block diagram (FFBD)
  • C. Functional hierarchy diagram
  • D. Timeline analysis diagram

Answer: C

NEW QUESTION 15
NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

  • A. Abbreviated
  • B. Significant
  • C. Substantial
  • D. Comprehensive

Answer: A

NEW QUESTION 16
Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system?

  • A. System firmware
  • B. System software
  • C. System interface
  • D. System hardware

Answer: C

NEW QUESTION 17
Which of the following laws is the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

  • A. Computer Fraud and Abuse Act
  • B. Computer Security Act
  • C. Gramm-Leach-Bliley Act
  • D. Digital Millennium Copyright Act

Answer: A
