Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter

Stateful packet filter firewall

Stateless packet filter firewall

Stateful packet filter firewall

Which of the following federal laws is designed to protect computer data from theft

Computer Fraud and Abuse Act (CFAA)

Federal Information Security Management Act (FISMA)

Computer Fraud and Abuse Act (CFAA)

Government Information Security Reform Act (GISRA)

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one

Configuration Verification and Auditing

Configuration Status Accounting

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process

Chief Information Officer (CIO)

Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space

Common data security architecture (CDSA)

Internet Protocol Security (IPSec)

Common data security architecture (CDSA)

Application program interface (API)

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information

Federal Information Processing Standard (FIPS)

DIACAP by the United States Department of Defense (DoD)

Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system

Security Control Assessment Task 1

Security Control Assessment Task 4

Security Control Assessment Task 3

Security Control Assessment Task 1

Security Control Assessment Task 2

Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process

Senior Agency Information Security Officer

Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls

Certification and accreditation (C&A)

Information systems security engineering (ISSE)

The Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase Each correct answer represents a complete solution. Choose all that apply.

Continue to review and refine the SSAA

Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A) Each correct answer represents a complete solution. Choose all that apply.

NIST Special Publication 800-59

NIST Special Publication 800-60

NIST Special Publication 800-37

NIST Special Publication 800-53

NIST Special Publication 800-53A

NIST Special Publication 800-59

NIST Special Publication 800-60

NIST Special Publication 800-37A

NIST Special Publication 800-37

NIST Special Publication 800-53

NIST Special Publication 800-53A

Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality

Information Protection Policy (IPP)

What are the responsibilities of a system owner Each correct answer represents a complete solution. Choose all that apply.

Integrates security considerations into application and system purchasing decisions and development projects.

Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.

Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

Integrates security considerations into application and system purchasing decisions and development projects.

Ensures that the necessary security controls are in place.

Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.

Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems

Committee on National Security Systems (CNSS)

National Security AgencyCentral Security Service (NSACSS)

National Institute of Standards and Technology (NIST)

Committee on National Security Systems (CNSS)

Which of the following statements is true about residual risks

It is the probabilistic risk after implementing all security measures.

It can be considered as an indicator of threats coupled with vulnerability.

It is a weakness or lack of safeguard that can be exploited by a threat.

It is the probabilistic risk after implementing all security measures.

It is the probabilistic risk before implementing all security measures.

According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD Each correct answer represents a complete solution. Choose all that apply.

DC Security Design & Configuration

EC Enclave and Computing Environment

VI Vulnerability and Incident Management

DC Security Design & Configuration

EC Enclave and Computing Environment

VI Vulnerability and Incident Management

Information systems acquisition, development, and maintenance

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation Each correct answer represents a complete solution. Choose two.

Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.

Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented

Configuration verification and audit

Configuration status accounting

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process Each correct answer represents a complete solution. Choose all that apply.

Initiate IA implementation plan.

Register system with DoD Component IA Program.

Initiate IA implementation plan.

Register system with DoD Component IA Program.

You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation ofFederal Information Systems

NIST Special Publication 800-37

NIST Special Publication 800-59

NIST Special Publication 800-37

NIST Special Publication 800-60

NIST Special Publication 800-53

Which of the following refers to a process that is used for implementing information security

Certification and Accreditation (C&A)

Classic information security model

Certification and Accreditation (C&A)

In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls

Establishing the interconnection

Disconnecting the interconnection

Maintaining the interconnection

Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats

Information Protection Policy (IPP)

Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document Each correct answer represents a complete solution. Choose all that apply.

It allocates security mechanisms to system security design elements.

It identifies custom security products.

It identifies candidate commercial off-the-shelf (COTS)government off-the-shelf (GOTS) security products.

It identifies the information protection problems that needs to be solved.

It allocates security mechanisms to system security design elements.

It identifies custom security products.

It identifies candidate commercial off-the-shelf (COTS)government off-the-shelf (GOTS) security products.

ISC CISSP-ISSEP Practice Test 1 - Free Online Exam Prep & Questions

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems.

Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed

A.

Level 4

B.

Level 5

C.

Level 1

D.

Level 2

E.

Level 3

ISC CISSP-ISSEP Practice Test 1

Question

ISC CISSP-ISSEP Practice Tests

Practice Tests