ISC CISSP-ISSEP Practice Test - Questions Answers, Page 20
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

A. Regulatory
B. Advisory
C. Systematic
D. Informative

Suggested answer: A, B, D

Which of the following acts recognizes the importance of information security to the economic and national security interests of the United States?

A. Lanham Act
B. FISMA
C. Computer Fraud and Abuse Act
D. Computer Misuse Act

Suggested answer: B

Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?

A. NSTISSP No. 11
B. NSTISSP No. 101
C. NSTISSP No. 7
D. NSTISSP No. 6

Suggested answer: D

Which of the following terms describes the measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

A. Information Systems Security Engineering (ISSE)
B. Information Protection Policy (IPP)
C. Information systems security (InfoSec)
D. Information Assurance (IA)

Suggested answer: D

Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

A. Parkerian Hexad
B. Five Pillars model
C. Capability Maturity Model (CMM)
D. Classic information security model

Suggested answer: B

You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you perform this task?

A. PERT Chart
B. Gantt Chart
C. Functional Flow Block Diagram
D. Information Management Model (IMM)

Suggested answer: D

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.

A. Type accreditation
B. Site accreditation
C. System accreditation
D. Secure accreditation

Suggested answer: A, B, C

FIPS 199 defines three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of a loss of confidentiality, integrity, or availability at the high potential impact level? Each correct answer represents a complete solution. Choose all that apply.

A. The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions.
B. The loss of confidentiality, integrity, or availability might result in major financial loss.
C. The loss of confidentiality, integrity, or availability might result in major damage to organizational assets.
D. The loss of confidentiality, integrity, or availability might result in severe or catastrophic harm to individuals, such as life-threatening injuries or loss of life.

Suggested answer: A, B, C, D

Which of the following individuals are part of senior management and are responsible for authorizing individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.

A. Chief Information Officer
B. AO Designated Representative
C. Senior Information Security Officer
D. User Representative
E. Authorizing Official

Suggested answer: A, B, C, E

Which of the following laws was the first to impose penalties on the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

A. Computer Fraud and Abuse Act
B. Computer Security Act
C. Gramm-Leach-Bliley Act
D. Digital Millennium Copyright Act

Suggested answer: A