CISSP-ISSEP Exam - Information Systems Security Engineering Professional

NEW QUESTION 1
Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment

• A. Phase 4
• B. Phase 2
• C. Phase 1
• D. Phase 3

Answer: D

NEW QUESTION 2
Fill in the blank with the appropriate phrase. provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).

• A. DoDI 5200.40

Answer: A

NEW QUESTION 3
Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completeness of the relationship

• A. FIPS 200
• B. NIST SP 800-50
• C. Traceability matrix
• D. FIPS 199

Answer: C

NEW QUESTION 4
Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels

• A. DoD 8500.1 Information Assurance (IA)
• B. DoD 8500.2 Information Assurance Implementation
• C. DoDI 5200.40
• D. DoD 8510.1-M DITSCAP

Answer: B

NEW QUESTION 5
What are the responsibilities of a system owner Each correct answer represents a complete solution. Choose all that apply.

• A. Integrates security considerations into application and system purchasing decisions and development projects.
• B. Ensures that the necessary security controls are in place.
• C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
• D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

Answer: ACD

NEW QUESTION 6
What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process Each correct answer represents a complete solution. Choose all that apply.

• A. Conduct activities related to the disposition of the system data and objects.
• B. Combine validation results in DIACAP scorecard.
• C. Conduct validation activities.
• D. Execute and update IA implementation plan.

Answer: BCD

NEW QUESTION 7
Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system

• A. Process specification
• B. Product specification
• C. Development specification
• D. System specification

Answer: D

NEW QUESTION 8
Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task

• A. Security Certification
• B. Security Accreditation
• C. Initiation
• D. Continuous Monitoring

Answer: D

NEW QUESTION 9
Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space

• A. Internet Protocol Security (IPSec)
• B. Common data security architecture (CDSA)
• C. File encryptors
• D. Application program interface (API)

Answer: B

NEW QUESTION 10
Which of the following NIST Special Publication documents provides a guideline on network security testing

• A. NIST SP 800-60
• B. NIST SP 800-37
• C. NIST SP 800-59
• D. NIST SP 800-42
• E. NIST SP 800-53A
• F. NIST SP 800-53

Answer: D

NEW QUESTION 11
You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition process

• A. Configuration management plan
• B. Transition plan
• C. Systems engineering management plan (SEMP)
• D. Acquisition plan

Answer: B

NEW QUESTION 12
Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data Each correct answer represents a complete solution. Choose all that apply.

• A. Understandability
• B. Visibility
• C. Interoperability
• D. Accessibility

Answer: BD

NEW QUESTION 13
Which of the following DoD policies provides assistance on how to implement policy,
assign responsibilities, and prescribe procedures for applying integrated, layered protection of the DoD information systems and networks

• A. DoD 8500.1 Information Assurance (IA)
• B. DoDI 5200.40
• C. DoD 8510.1-M DITSCAP
• D. DoD 8500.2 Information Assurance Implementation

Answer: D

NEW QUESTION 14
Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare

• A. DoD 8500.2 Information Assurance Implementation
• B. DoD 8510.1-M DITSCAP
• C. DoDI 5200.40
• D. DoD 8500.1 Information Assurance (IA)

Answer: D

NEW QUESTION 15
Which of the following is the acronym of RTM

• A. Resource tracking method
• B. Requirements Testing Matrix
• C. Requirements Traceability Matrix
• D. Resource timing method

Answer: C

NEW QUESTION 16
Fill in the blank with an appropriate phrase. The helps the customer understand and document the information management needs that support the business or mission.

• A. systems engineer

Answer: A

NEW QUESTION 17
Which of the following cooperative programs carried out by NIST speed ups the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector

• A. Baldrige National Quality Program
• B. Advanced Technology Program
• C. Manufacturing Extension Partnership
• D. NIST Laboratories

Answer: B