New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium ISC ISSEP Dumps Questions Answers

Page: 1 / 8
Total 221 questions

ISSEP Information Systems Security Engineering Professional Questions and Answers

Question 1

Which of the following DITSCAPNIACAP model phases is used to show the required evidence to support the DAA in accreditation process and conclude in an Approval To Operate (ATO)

Options:

A.

Verification

B.

Validation

C.

Post accreditation

D.

Definition

Buy Now
Question 2

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event

Options:

A.

Earned value management

B.

Risk audit

C.

Corrective action

D.

Technical performance measurement

Question 3

Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality

Options:

A.

Information Protection Policy (IPP)

B.

IMM

C.

System Security Context

D.

CONOPS

Question 4

Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions

Options:

A.

DTIC

B.

NSA IAD

C.

DIAP

D.

DARPA

Question 5

Which of the following terms describes the measures that protect and support information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation

Options:

A.

Information Systems Security Engineering (ISSE)

B.

Information Protection Policy (IPP)

C.

Information systems security (InfoSec)

D.

Information Assurance (IA)

Question 6

Which of the following tasks prepares the technical management plan in planning the technical effort

Options:

A.

Task 10

B.

Task 9

C.

Task 7

D.

Task 8

Question 7

Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation

Options:

A.

Chief Information Officer

B.

Chief Information Security Officer

C.

Chief Risk Officer

D.

Information System Owner

Question 8

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information

Options:

A.

Type III cryptography

B.

Type III (E) cryptography

C.

Type II cryptography

D.

Type I cryptography

Question 9

Fill in the blanks with an appropriate phrase. A ________ is an approved build of the product, and can be a single component or a combination of components.

Options:

A.

development baseline

Question 10

In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls

Options:

A.

Establishing the interconnection

B.

Planning the interconnection

C.

Disconnecting the interconnection

D.

Maintaining the interconnection

Question 11

Which of the following memorandums reminds the Federal agencies that it is required by law and policy to establish clear privacy policies for Web activities and to comply with those policies

Options:

A.

OMB M-01-08

B.

OMB M-03-19

C.

OMB M-00-07

D.

OMB M-00-13

Question 12

Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States

Options:

A.

Lanham Act

B.

FISMA

C.

Computer Fraud and Abuse Act

D.

Computer Misuse Act

Question 13

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

CA Certification, Accreditation, and Security Assessments

B.

Information systems acquisition, development, and maintenance

C.

IR Incident Response

D.

SA System and Services Acquisition

Question 14

Fill in the blank with an appropriate phrase. The ______________ process is used for allocating performance and designing the requirements to each function.

Options:

A.

functional allocation

Question 15

Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions

Options:

A.

DTIC

B.

NSA IAD

C.

DIAP

D.

DARPA

Question 16

Which of the CNSS policies describes the national policy on certification and accreditation of national security telecommunications and information systems

Options:

A.

NSTISSP No. 7

B.

NSTISSP No. 11

C.

NSTISSP No. 6

D.

NSTISSP No. 101

Question 17

Which of the following individuals reviews and approves project deliverables from a QA perspective

Options:

A.

Information systems security engineer

B.

System owner

C.

Quality assurance manager

D.

Project manager

Question 18

Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A Support

Options:

A.

Registration Task 4

B.

Registration Task 1

C.

Registration Task 3

D.

Registration Task 2

Question 19

Which of the following cooperative programs carried out by NIST provides a nationwide network of local centers offering technical and business assistance to small manufacturers

Options:

A.

NIST Laboratories

B.

Advanced Technology Program

C.

Manufacturing Extension Partnership

D.

Baldrige National Quality Program

Question 20

Which of the following security controls will you use for the deployment phase of the SDLC to build secure software Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Risk Adjustments

B.

Security Certification and Accreditation (C&A)

C.

Vulnerability Assessment and Penetration Testing

D.

Change and Configuration Control

Question 21

Which of the following processes provides guidance to the system designers and form the basis of major events in the acquisition phases, such as testing the products for system integration

Options:

A.

Operational scenarios

B.

Functional requirements

C.

Human factors

D.

Performance requirements

Question 22

Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address

Options:

A.

Circuit-level gateway

B.

Application gateway

C.

Proxy server

D.

Packet Filtering

Question 23

Which of the following statements is true about residual risks

Options:

A.

It can be considered as an indicator of threats coupled with vulnerability.

B.

It is a weakness or lack of safeguard that can be exploited by a threat.

C.

It is the probabilistic risk after implementing all security measures.

D.

It is the probabilistic risk before implementing all security measures.

Question 24

Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers

Options:

A.

Manufacturing Extension Partnership

B.

Baldrige National Quality Program

C.

Advanced Technology Program

D.

NIST Laboratories

Question 25

Which of the following are the benefits of SE as stated by MIL-STD-499B Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It develops work breakdown structures and statements of work.

B.

It establishes and maintains configuration management of the system.

C.

It develops needed user training equipment, procedures, and data.

D.

It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.

Question 26

Which of the following processes illustrate the study of a technical nature of interest to focused audience, and consist of interim or final reports on work made by NIST for external sponsors, including government and non-government sponsors

Options:

A.

Federal Information Processing Standards (FIPS)

B.

Special Publication (SP)

C.

NISTIRs (Internal Reports)

D.

DIACAP

Question 27

Which of the following characteristics are described by the DIAP Information Readiness Assessment function Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It performs vulnerabilitythreat analysis assessment.

B.

It provides for entry and storage of individual system data.

C.

It provides data needed to accurately assess IA readiness.

D.

It identifies and generates IA requirements.

Question 28

Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures and of the decision criteria which is used to evaluate security for information systems investments

Options:

A.

OMB M-00-13

B.

OMB M-99-18

C.

OMB M-00-07

D.

OMB M-03-19

Question 29

You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems

Options:

A.

NIST Special Publication 800-59

B.

NIST Special Publication 800-37

C.

NIST Special Publication 800-60

D.

NIST Special Publication 800-53

Question 30

Which of the following certification levels requires the completion of the minimum security checklist and more in-depth, independent analysis

Options:

A.

CL 3

B.

CL 4

C.

CL 2

D.

CL 1

Question 31

What NIACAP certification levels are recommended by the certifier Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Basic System Review

B.

Basic Security Review

C.

Maximum Analysis

D.

Comprehensive Analysis

E.

Detailed Analysis

F.

Minimum Analysis

Question 32

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event

Options:

A.

Acceptance

B.

Enhance

C.

Share

D.

Exploit

Page: 1 / 8
Total 221 questions