CISSP-ISSEP Exam - Information Systems Security Engineering Professional

certleader.com

"Information Systems Security Engineering Professional", also known as the CISSP-ISSEP exam, is an ISC2 certification.

Online ISC2 CISSP-ISSEP free dumps demo Below:

NEW QUESTION 1
The functional analysis process is used for translating system requirements into detailed function criteria. Which of the following are the elements of the functional analysis process? Each correct answer represents a complete solution. Choose all that apply.

  • A. Model possible overall system behaviors that are needed to achieve the system requirements.
  • B. Develop concepts and alternatives that are not technology or component bound.
  • C. Decompose functional requirements into discrete tasks or activities, the focus is still on technology not functions or components.
  • D. Use a top-down with some bottom-up approach verification.

Answer: ABD

NEW QUESTION 2
Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?

  • A. Security Control Assessment Task 4
  • B. Security Control Assessment Task 3
  • C. Security Control Assessment Task 1
  • D. Security Control Assessment Task 2

Answer: C

NEW QUESTION 3
Which of the following individuals are part of the senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.

  • A. Chief Information Officer
  • B. AO Designated Representative
  • C. Senior Information Security Officer
  • D. User Representative
  • E. Authorizing Official

Answer: ABCE

NEW QUESTION 4
Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed?

  • A. Security Control Assessment Task 3
  • B. Security Control Assessment Task 1
  • C. Security Control Assessment Task 4
  • D. Security Control Assessment Task 2

Answer: A

NEW QUESTION 5
Which of the following are the benefits of SE as stated by MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.

  • A. It develops work breakdown structures and statements of work.
  • B. It establishes and maintains configuration management of the system.
  • C. It develops needed user training equipment, procedures, and data.
  • D. It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.

Answer: ABC

NEW QUESTION 6
The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in CONOPS? Each correct answer represents a complete solution. Choose all that apply.

  • A. Strategies, tactics, policies, and constraints affecting the system
  • B. Organizations, activities, and interactions among participants and stakeholders
  • C. Statement of the structure of the system
  • D. Clear statement of responsibilities and authorities delegated
  • E. Statement of the goals and objectives of the system

Answer: ABDE

NEW QUESTION 7
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

  • A. Information Assurance Manager
  • B. Designated Approving Authority
  • C. Certification agent
  • D. IS program manager
  • E. User representative

Answer: BCDE

NEW QUESTION 8
Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?

  • A. System Security Context
  • B. Information Protection Policy (IPP)
  • C. CONOPS
  • D. IMM

Answer: B

NEW QUESTION 9
Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?

  • A. National Security Agency/Central Security Service (NSA/CSS)
  • B. National Institute of Standards and Technology (NIST)
  • C. United States Congress
  • D. Committee on National Security Systems (CNSS)

Answer: D

NEW QUESTION 10
In which of the following DIACAP phases is residual risk analyzed?

  • A. Phase 2
  • B. Phase 3
  • C. Phase 5
  • D. Phase 1
  • E. Phase 4

Answer: E

NEW QUESTION 11
Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.

  • A. NIST Special Publication 800-59
  • B. NIST Special Publication 800-60
  • C. NIST Special Publication 800-37A
  • D. NIST Special Publication 800-37
  • E. NIST Special Publication 800-53
  • F. NIST Special Publication 800-53A

Answer: ABDEF

NEW QUESTION 12
An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official? Each correct answer represents a complete solution. Choose all that apply.

  • A. Ascertaining the security posture of the organization's information system
  • B. Reviewing security status reports and critical security documents
  • C. Determining the requirement of reauthorization and reauthorizing information systems when required
  • D. Establishing and implementing the organization's continuous monitoring program

Answer: ABC

NEW QUESTION 13
Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information?

  • A. National Institute of Standards and Technology (NIST)
  • B. National Security Agency/Central Security Service (NSA/CSS)
  • C. Committee on National Security Systems (CNSS)
  • D. United States Congress

Answer: B

NEW QUESTION 14
Fill in the blank with an appropriate phrase. A ______ is an approved build of the product, and can be a single component or a combination of components.

  • A. development baseline

Answer: A

NEW QUESTION 15
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

  • A. Risk acceptance
  • B. Risk mitigation
  • C. Risk avoidance
  • D. Risk transfer

Answer: D

NEW QUESTION 16
Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  • A. Assessment of the Analysis Results
  • B. Certification analysis
  • C. Registration
  • D. System development
  • E. Configuring refinement of the SSAA

Answer: ABDE

NEW QUESTION 17
Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

  • A. ASSET
  • B. NSA-IAM
  • C. NIACAP
  • D. DITSCAP

Answer: C
