ISC CISSP-ISSEP ISSEP Information Systems Security Engineering Professional Exam Practice Test

Demo: 31 questions
Total 213 questions

ISSEP Information Systems Security Engineering Professional Questions and Answers

Question 1

Which of the following are the benefits of SE as stated by MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It develops work breakdown structures and statements of work.
B. It establishes and maintains configuration management of the system.
C. It develops needed user training equipment, procedures, and data.
D. It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.

Question 2

Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?

Options:

A. User Representative
B. Program Manager
C. Certifier
D. DAA

Question 3

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Right-Up Approach
B. Left-Up Approach
C. Bottom-Up Approach
D. Top-Down Approach

Question 4

Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product?

Options:

A. Information Assurance (IA)
B. Statistical process control (SPC)
C. Information Protection Policy (IPP)
D. Information management model (IMM)

Question 5

You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task?

Options:

A. Information Assurance (IA)
B. Risk Management
C. Risk Analysis
D. Information Systems Security Engineering (ISSE)

Question 6

Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events, but management wants you to do more. They'd like you to create some type of chart that identifies the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

Options:

A. Risk response plan
B. Quantitative analysis
C. Risk response
D. Contingency reserve

Question 7

Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information?

Options:

A. National Institute of Standards and Technology (NIST)
B. National Security Agency/Central Security Service (NSA/CSS)
C. Committee on National Security Systems (CNSS)
D. United States Congress

Question 8

Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?

Options:

A. Computer Misuse Act
B. Clinger-Cohen Act
C. ISG
D. Lanham Act

Question 9

According to which of the following DoD policies is the implementation of DITSCAP mandatory for all systems that process both DoD classified and unclassified information?

Options:

A. DoD 8500.2
B. DoDI 5200.40
C. DoD 8510.1-M DITSCAP
D. DoD 8500.1 (IAW)

Question 10

Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?

Options:

A. Definition, Validation, Verification, and Post Accreditation
B. Verification, Definition, Validation, and Post Accreditation
C. Verification, Validation, Definition, and Post Accreditation
D. Definition, Verification, Validation, and Post Accreditation

Question 11

Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?

Options:

A. Security Control Assessment Task 4
B. Security Control Assessment Task 3
C. Security Control Assessment Task 1
D. Security Control Assessment Task 2

Question 12

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

Options:

A. Corrective controls
B. Safeguards
C. Detective controls
D. Preventive controls

Question 13

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

Options:

A. Federal Information Processing Standard (FIPS)
B. Special Publication (SP)
C. NISTIRs (Internal Reports)
D. DIACAP by the United States Department of Defense (DoD)

Question 14

The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in CONOPS? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Strategies, tactics, policies, and constraints affecting the system
B. Organizations, activities, and interactions among participants and stakeholders
C. Statement of the structure of the system
D. Clear statement of responsibilities and authorities delegated
E. Statement of the goals and objectives of the system

Question 15

Which of the following processes provides guidance to the system designers and forms the basis of major events in the acquisition phases, such as testing the products for system integration?

Options:

A. Operational scenarios
B. Functional requirements
C. Human factors
D. Performance requirements

Question 16

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

Options:

A. Quantitative risk analysis
B. Risk audits
C. Requested changes
D. Qualitative risk analysis

Question 17

Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter?

Options:

A. Stateless packet filter firewall
B. PIX firewall
C. Stateful packet filter firewall
D. Virtual firewall

Question 18

Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation?

Options:

A. Computer Fraud and Abuse Act
B. Government Information Security Reform Act (GISRA)
C. Federal Information Security Management Act (FISMA)
D. Computer Security Act

Question 19

Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

Options:

A. Auditing
B. Initiation
C. Continuous Monitoring
D. Detection

Question 20

Which of the following statements is true about residual risks?

Options:

A. It can be considered as an indicator of threats coupled with vulnerability.
B. It is a weakness or lack of safeguard that can be exploited by a threat.
C. It is the probabilistic risk after implementing all security measures.
D. It is the probabilistic risk before implementing all security measures.

Question 21

Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?

Options:

A. National Institute of Standards and Technology (NIST)
B. National Security Agency (NSA)
C. Committee on National Security Systems (CNSS)
D. United States Congress

Question 22

The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as change management approval processes?

Options:

A. Section 3.1.8
B. Section 3.1.9
C. Section 3.1.5
D. Section 3.1.7

Question 23

Which of the following cooperative programs carried out by NIST speeds up the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector?

Options:

A. Baldrige National Quality Program
B. Advanced Technology Program
C. Manufacturing Extension Partnership
D. NIST Laboratories

Question 24

Which of the following documents contains the threats to information management, and the security services and controls required to counter those threats?

Options:

A. System Security Context
B. Information Protection Policy (IPP)
C. CONOPS
D. IMM

Question 25

FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

Options:

A. Moderate
B. Medium
C. High
D. Low

Question 26

Which of the following cooperative programs carried out by NIST provides a nationwide network of local centers offering technical and business assistance to small manufacturers?

Options:

A. NIST Laboratories
B. Advanced Technology Program
C. Manufacturing Extension Partnership
D. Baldrige National Quality Program

Question 27

Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system?

Options:

A. Process specification
B. Product specification
C. Development specification
D. System specification

Question 28

Fill in the blank with an appropriate phrase. The ____________ helps the customer understand and document the information management needs that support the business or mission.

Options:

A. systems engineer

Question 29

Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?

Options:

A. Configuration Identification
B. Configuration Verification and Audit
C. Configuration Status and Accounting
D. Configuration Control

Question 30

Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It identifies the information protection problems that need to be solved.
B. It allocates security mechanisms to system security design elements.
C. It identifies custom security products.
D. It identifies candidate commercial off-the-shelf (COTS)/government off-the-shelf (GOTS) security products.

Question 31

Which of the following certification levels requires the completion of the minimum security checklist, and the system user or an independent certifier can complete the checklist?

Options:

A. CL 2
B. CL 3
C. CL 1
D. CL 4