ISC CISSP-ISSEP Practice Test - Questions Answers, Page 12

Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?

A. Definition, Validation, Verification, and Post Accreditation
B. Verification, Definition, Validation, and Post Accreditation
C. Verification, Validation, Definition, and Post Accreditation
D. Definition, Verification, Validation, and Post Accreditation

Suggested answer: D

Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?

A. National Institute of Standards and Technology (NIST)
B. National Security Agency (NSA)
C. Committee on National Security Systems (CNSS)
D. United States Congress

Suggested answer: A

SIMULATION

Fill in the blank with an appropriate phrase. The ____________ helps the customer understand and document the information management needs that support the business or mission.

A. systems engineer

Suggested answer:

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Choose all that apply.

A. Organization of information security
B. Human resources security
C. Risk assessment and treatment
D. AU audit and accountability

Suggested answer: A, B, C

Which of the following certification levels requires the completion of the minimum security checklist, and the system user or an independent certifier can complete the checklist?

A. CL 2
B. CL 3
C. CL 1
D. CL 4

Suggested answer: C

Which of the following cooperative programs carried out by NIST provides a nationwide network of local centers offering technical and business assistance to small manufacturers?

A. NIST Laboratories
B. Advanced Technology Program
C. Manufacturing Extension Partnership
D. Baldrige National Quality Program

Suggested answer: C

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

A. DoD 5200.22-M
B. DoD 8910.1
C. DoD 5200.40
D. DoD 8000.1

Suggested answer: C

You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process?

A. Design information systems that will meet the certification and accreditation documentation.
B. Identify the information protection needs.
C. Ensure information systems are designed and developed with functional relevance.
D. Instruct systems engineers on availability, integrity, and confidentiality.

Suggested answer: B

Which of the following is NOT an objective of the security program?

A. Security education
B. Information classification
C. Security organization
D. Security plan

Suggested answer: D

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
B. Preserving high-level communications and working group relationships in an organization
C. Establishing an effective continuous monitoring program for the organization
D. Facilitating the sharing of security risk-related information among authorizing officials

Suggested answer: A, B, C
Total 214 questions