ExamGecko

ISC CISSP-ISSEP Practice Test - Questions Answers, Page 17

Which of the following individuals reviews and approves project deliverables from a QA perspective?

A. Information systems security engineer
B. System owner
C. Quality assurance manager
D. Project manager
Suggested answer: C

Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures, and of the decision criteria that are used to evaluate security for information systems investments?

A. OMB M-00-13
B. OMB M-99-18
C. OMB M-00-07
D. OMB M-03-19
Suggested answer: C

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

A. NIST SP 800-53A
B. NIST SP 800-37
C. NIST SP 800-53
D. NIST SP 800-26
E. NIST SP 800-59
F. NIST SP 800-60
Suggested answer: D

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards? Each correct answer represents a complete solution. Choose all that apply.

A. CA Certification, Accreditation, and Security Assessments
B. Information systems acquisition, development, and maintenance
C. IR Incident Response
D. SA System and Services Acquisition
Suggested answer: A, C, D

Which of the following is the acronym of RTM?

A. Resource tracking method
B. Requirements Testing Matrix
C. Requirements Traceability Matrix
D. Resource timing method
Suggested answer: C

Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

A. Chief Information Officer
B. Chief Information Security Officer
C. Chief Risk Officer
D. Information System Owner
Suggested answer: D

Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product?

A. Information Assurance (IA)
B. Statistical process control (SPC)
C. Information Protection Policy (IPP)
D. Information management model (IMM)
Suggested answer: B

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

A. DoD 8910.1
B. DoD 7950.1-M
C. DoD 5200.22-M
D. DoD 5200.1-R
E. DoDD 8000.1
Suggested answer: B

Phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.

A. Agree on a strategy to mitigate risks.
B. Evaluate mitigation progress and plan next assessment.
C. Identify threats, vulnerabilities, and controls that will be evaluated.
D. Document and implement a mitigation plan.
Suggested answer: A, B, D

Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used?

A. System firmware
B. System interface
C. System software
D. System hardware
Suggested answer: C
Total 214 questions