ExamGecko
Search Search Login
Home Home / ISC / CISSP-ISSEP

ISC CISSP-ISSEP Practice Test - Questions Answers, Page 3

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A Support
Which of the following types of CNSS issuances establishes criteria, and assigns responsibilities
Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system
Which of the following individuals are part of the senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels Each correct answer represents a complete solution. Choose all that apply.
You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documents will you use to achieve the above task
Which of the following areas of information system, as separated by Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy
Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event
Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one

Question 21

Report
Export
Collapse

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability

A.
MAC I
A.
MAC I
Answers
B.
MAC II
B.
MAC II
Answers
C.
MAC IV
C.
MAC IV
Answers
D.
MAC III
D.
MAC III
Answers
Suggested answer: D

Question 22

Report
Export
Collapse

What are the responsibilities of a system owner Each correct answer represents a complete solution. Choose all that apply.

A.
Integrates security considerations into application and system purchasing decisions and development projects.
A.
Integrates security considerations into application and system purchasing decisions and development projects.
Answers
B.
Ensures that the necessary security controls are in place.
B.
Ensures that the necessary security controls are in place.
Answers
C.
Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
C.
Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
Answers
D.
Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.
D.
Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.
Answers
Suggested answer: A, C, D

Question 23

Report
Export
Collapse

Which of the following Registration Tasks sets up the business or operational functional description and system identification

A.
Registration Task 2
A.
Registration Task 2
Answers
B.
Registration Task 1
B.
Registration Task 1
Answers
C.
Registration Task 3
C.
Registration Task 3
Answers
D.
Registration Task 4
D.
Registration Task 4
Answers
Suggested answer: B

Question 24

Report
Export
Collapse

SIMULATION

Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.

A.
System Analysis
A.
System Analysis
Answers
Suggested answer: A

Question 25

Report
Export
Collapse

Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems

A.
National Security AgencyCentral Security Service (NSACSS)
A.
National Security AgencyCentral Security Service (NSACSS)
Answers
B.
National Institute of Standards and Technology (NIST)
B.
National Institute of Standards and Technology (NIST)
Answers
C.
United States Congress
C.
United States Congress
Answers
D.
Committee on National Security Systems (CNSS)
D.
Committee on National Security Systems (CNSS)
Answers
Suggested answer: D

Question 26

Report
Export
Collapse

Which of the following statements is true about residual risks

A.
It can be considered as an indicator of threats coupled with vulnerability.
A.
It can be considered as an indicator of threats coupled with vulnerability.
Answers
B.
It is a weakness or lack of safeguard that can be exploited by a threat.
B.
It is a weakness or lack of safeguard that can be exploited by a threat.
Answers
C.
It is the probabilistic risk after implementing all security measures.
C.
It is the probabilistic risk after implementing all security measures.
Answers
D.
It is the probabilistic risk before implementing all security measures.
D.
It is the probabilistic risk before implementing all security measures.
Answers
Suggested answer: C

Question 27

Report
Export
Collapse

According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD Each correct answer represents a complete solution. Choose all that apply.

A.
DC Security Design & Configuration
A.
DC Security Design & Configuration
Answers
B.
EC Enclave and Computing Environment
B.
EC Enclave and Computing Environment
Answers
C.
VI Vulnerability and Incident Management
C.
VI Vulnerability and Incident Management
Answers
D.
Information systems acquisition, development, and maintenance
D.
Information systems acquisition, development, and maintenance
Answers
Suggested answer: A, B, C

Question 28

Report
Export
Collapse

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation Each correct answer represents a complete solution. Choose two.

A.
Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
A.
Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
Answers
B.
Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
B.
Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
Answers
C.
Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
C.
Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
Answers
D.
Certification is the official management decision given by a senior agency official to authorize operation of an information system.
D.
Certification is the official management decision given by a senior agency official to authorize operation of an information system.
Answers
Suggested answer: B, C

Question 29

Report
Export
Collapse

Which of the following protocols is built in the Web server and browser to encrypt data traveling over the Internet

A.
UDP
A.
UDP
Answers
B.
SSL
B.
SSL
Answers
C.
IPSec
C.
IPSec
Answers
D.
HTTP
D.
HTTP
Answers
Suggested answer: B

Question 30

Report
Export
Collapse

Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented

A.
Configuration verification and audit
A.
Configuration verification and audit
Answers
B.
Configuration control
B.
Configuration control
Answers
C.
Configuration status accounting
C.
Configuration status accounting
Answers
D.
Configuration identification
D.
Configuration identification
Answers
Suggested answer: D
Total 214 questions
Go to page: of 22
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms