ISC CISSP-ISSEP Practice Test - Questions Answers, Page 18

Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of the NIST SP 800-37 C&A methodology defines the above task?

A. Security Certification
B. Security Accreditation
C. Initiation
D. Continuous Monitoring
Suggested answer: D

Which of the following types of CNSS issuances establishes or describes policy and programs, provides authority, or assigns responsibilities?

A. Instructions
B. Directives
C. Policies
D. Advisory memoranda
Suggested answer: B

Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?

A. User Representative
B. Program Manager
C. Certifier
D. DAA
Suggested answer: D

Which of the following rated systems of the Orange Book has mandatory protection of the TCB?

A. C-rated
B. B-rated
C. D-rated
D. A-rated
Suggested answer: B

Which of the following categories of system specification describes the technical requirements that cover a service performed on a component of the system?

A. Product specification
B. Process specification
C. Material specification
D. Development specification
Suggested answer: B

Which of the following DITSCAP/NIACAP model phases is used to show the required evidence to support the DAA in the accreditation process and concludes in an Approval To Operate (ATO)?

A. Verification
B. Validation
C. Post accreditation
D. Definition
Suggested answer: B

Which of the following is a 1996 United States federal law designed to improve the way the federal government acquires, uses, and disposes of information technology?

A. Lanham Act
B. Clinger-Cohen Act
C. Computer Misuse Act
D. Paperwork Reduction Act
Suggested answer: B

An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official? Each correct answer represents a complete solution. Choose all that apply.

A. Ascertaining the security posture of the organization's information system
B. Reviewing security status reports and critical security documents
C. Determining the requirement of reauthorization and reauthorizing information systems when required
D. Establishing and implementing the organization's continuous monitoring program
Suggested answer: A, B, C

Which of the following areas of an information system, as separated by the Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy?

A. Networks and Infrastructures
B. Supporting Infrastructures
C. Enclave Boundaries
D. Local Computing Environments
Suggested answer: C

Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?

A. User representative
B. DAA
C. Certification Agent
D. IS program manager
Suggested answer: D