ExamGecko
Search Search Login
Home Home / ISC / CISSP-ISSEP

ISC CISSP-ISSEP Practice Test - Questions Answers, Page 2

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A Support
Which of the following types of CNSS issuances establishes criteria, and assigns responsibilities
You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documents will you use to achieve the above task
Which of the following areas of information system, as separated by Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy
Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event
Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one
Which of the following federal laws is designed to protect computer data from theft
Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system

Question 11

Report
Export
Collapse

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information

A.
Federal Information Processing Standard (FIPS)
A.
Federal Information Processing Standard (FIPS)
Answers
B.
Special Publication (SP)
B.
Special Publication (SP)
Answers
C.
NISTIRs (Internal Reports)
C.
NISTIRs (Internal Reports)
Answers
D.
DIACAP by the United States Department of Defense (DoD)
D.
DIACAP by the United States Department of Defense (DoD)
Answers
Suggested answer: B

Question 12

Report
Export
Collapse

Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system

A.
Security Control Assessment Task 4
A.
Security Control Assessment Task 4
Answers
B.
Security Control Assessment Task 3
B.
Security Control Assessment Task 3
Answers
C.
Security Control Assessment Task 1
C.
Security Control Assessment Task 1
Answers
D.
Security Control Assessment Task 2
D.
Security Control Assessment Task 2
Answers
Suggested answer: C

Question 13

Report
Export
Collapse

Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process

A.
Chief Information Officer
A.
Chief Information Officer
Answers
B.
Authorizing Official
B.
Authorizing Official
Answers
C.
Common Control Provider
C.
Common Control Provider
Answers
D.
Senior Agency Information Security Officer
D.
Senior Agency Information Security Officer
Answers
Suggested answer: C

Question 14

Report
Export
Collapse

Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls

A.
Certification and accreditation (C&A)
A.
Certification and accreditation (C&A)
Answers
B.
Risk Management
B.
Risk Management
Answers
C.
Information systems security engineering (ISSE)
C.
Information systems security engineering (ISSE)
Answers
D.
Information Assurance (IA)
D.
Information Assurance (IA)
Answers
Suggested answer: A

Question 15

Report
Export
Collapse

The Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase Each correct answer represents a complete solution. Choose all that apply.

A.
Security operations
A.
Security operations
Answers
B.
Continue to review and refine the SSAA
B.
Continue to review and refine the SSAA
Answers
C.
Change management
C.
Change management
Answers
D.
Compliance validation
D.
Compliance validation
Answers
E.
System operations
E.
System operations
Answers
F.
Maintenance of the SSAA
F.
Maintenance of the SSAA
Answers
Suggested answer: A, C, D, E, F

Question 16

Report
Export
Collapse

Which of the following email lists is written for the technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk

A.
Cyber Security Tip
A.
Cyber Security Tip
Answers
B.
Cyber Security Alert
B.
Cyber Security Alert
Answers
C.
Cyber Security Bulletin
C.
Cyber Security Bulletin
Answers
D.
Technical Cyber Security Alert
D.
Technical Cyber Security Alert
Answers
Suggested answer: C

Question 17

Report
Export
Collapse

Which of the following tasks obtains the customer agreement in planning the technical effort

A.
Task 9
A.
Task 9
Answers
B.
Task 11
B.
Task 11
Answers
C.
Task 8
C.
Task 8
Answers
D.
Task 10
D.
Task 10
Answers
Suggested answer: B

Question 18

Report
Export
Collapse

Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A) Each correct answer represents a complete solution. Choose all that apply.

A.
NIST Special Publication 800-59
A.
NIST Special Publication 800-59
Answers
B.
NIST Special Publication 800-60
B.
NIST Special Publication 800-60
Answers
C.
NIST Special Publication 800-37A
C.
NIST Special Publication 800-37A
Answers
D.
NIST Special Publication 800-37
D.
NIST Special Publication 800-37
Answers
E.
NIST Special Publication 800-53
E.
NIST Special Publication 800-53
Answers
F.
NIST Special Publication 800-53A
F.
NIST Special Publication 800-53A
Answers
Suggested answer: A, B, D, E, F

Question 19

Report
Export
Collapse

Which of the following elements are described by the functional requirements task Each correct answer represents a complete solution. Choose all that apply.

A.
Coverage
A.
Coverage
Answers
B.
Accuracy
B.
Accuracy
Answers
C.
Quality
C.
Quality
Answers
D.
Quantity
D.
Quantity
Answers
Suggested answer: A, C, D

Question 20

Report
Export
Collapse

Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality

A.
Information Protection Policy (IPP)
A.
Information Protection Policy (IPP)
Answers
B.
IMM
B.
IMM
Answers
C.
System Security Context
C.
System Security Context
Answers
D.
CONOPS
D.
CONOPS
Answers
Suggested answer: A
Total 214 questions
Go to page: of 22
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms