
ISC ISSEP: Information Systems Security Engineering Professional Exam Practice Test

Demo: 32 questions
Total 221 questions

ISSEP Information Systems Security Engineering Professional Questions and Answers

Question 1

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Options:

A. Risk acceptance
B. Risk mitigation
C. Risk avoidance
D. Risk transfer

Question 2

Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of the NIST SP 800-37 C&A methodology defines the above task?

Options:

A. Security Certification
B. Security Accreditation
C. Initiation
D. Continuous Monitoring

Question 3

The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in a CONOPS? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Strategies, tactics, policies, and constraints affecting the system
B. Organizations, activities, and interactions among participants and stakeholders
C. Statement of the structure of the system
D. Clear statement of responsibilities and authorities delegated
E. Statement of the goals and objectives of the system

Question 4

Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?

Options:

A. Security Control Assessment Task 4
B. Security Control Assessment Task 3
C. Security Control Assessment Task 1
D. Security Control Assessment Task 2

Question 5

Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?

Options:

A. National Security Agency/Central Security Service (NSA/CSS)
B. National Institute of Standards and Technology (NIST)
C. United States Congress
D. Committee on National Security Systems (CNSS)

Question 6

You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirement is that your solution must use the RSA algorithm. Which of the following is your best choice?

Options:

A. PGP
B. S/MIME
C. DES
D. Blowfish

Question 7

Which of the following Registration Tasks sets up the system architecture description and describes the C&A boundary?

Options:

A. Registration Task 3
B. Registration Task 4
C. Registration Task 2
D. Registration Task 1

Question 8

Which of the following responsibilities are executed by the federal program manager?

Options:

A. Ensure justification of expenditures and investment in systems engineering activities.
B. Coordinate activities to obtain funding.
C. Review project deliverables.
D. Review and approve project plans.

Question 9

Which of the following statements is true about residual risk?

Options:

A. It can be considered as an indicator of threats coupled with vulnerability.
B. It is a weakness or lack of safeguard that can be exploited by a threat.
C. It is the probabilistic risk after implementing all security measures.
D. It is the probabilistic risk before implementing all security measures.

Question 10

Which of the following organizations builds secure audio and video communications equipment, makes tamper protection products, and provides trusted microelectronics solutions?

Options:

A. DTIC
B. NSA IAD
C. DIAP
D. DARPA

Question 11

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. High
B. Medium
C. Low
D. Moderate

Question 12

Which of the following types of CNSS issuances establishes or describes policy and programs, provides authority, or assigns responsibilities?

Options:

A. Instructions
B. Directives
C. Policies
D. Advisory memoranda

Question 13

Which of the following elements of Registration Task 4 defines the operating system, database management system, and software applications, and how they will be used?

Options:

A. System firmware
B. System interface
C. System software
D. System hardware

Question 14

Which of the following acts recognizes the importance of information security to the economic and national security interests of the United States?

Options:

A. Lanham Act
B. FISMA
C. Computer Fraud and Abuse Act
D. Computer Misuse Act

Question 15

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

Options:

A. Federal Information Processing Standard (FIPS)
B. Special Publication (SP)
C. NISTIRs (Internal Reports)
D. DIACAP by the United States Department of Defense (DoD)

Question 16

DoD 8500.2 establishes IA controls for information systems according to Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability?

Options:

A. MAC I
B. MAC II
C. MAC IV
D. MAC III

Question 17

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are U.S. Federal Government information security standards? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. CA Certification, Accreditation, and Security Assessments
B. Information systems acquisition, development, and maintenance
C. IR Incident Response
D. SA System and Services Acquisition

Question 18

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

Options:

A. DoD 8910.1
B. DoD 7950.1-M
C. DoD 5200.22-M
D. DoD 5200.1-R
E. DoDD 8000.1

Question 19

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

Options:

A. Corrective controls
B. Safeguards
C. Detective controls
D. Preventive controls

Question 20

According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. DC Security Design & Configuration
B. EC Enclave and Computing Environment
C. VI Vulnerability and Incident Management
D. Information systems acquisition, development, and maintenance

Question 21

Which of the following configuration management system processes keeps track of changes so that the latest acceptable configuration specifications are readily available?

Options:

A. Configuration Identification
B. Configuration Verification and Audit
C. Configuration Status and Accounting
D. Configuration Control

Question 22

Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

Options:

A. Chief Information Officer
B. Chief Information Security Officer
C. Chief Risk Officer
D. Information System Owner

Question 23

Which of the following are phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

Options:

A. Auditing
B. Initiation
C. Continuous Monitoring
D. Detection

Question 24

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

Options:

A. Risk identification
B. Building risk-free systems
C. Assuring the integrity of organizational data
D. Risk control

Question 25

Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?

Options:

A. User Representative
B. Program Manager
C. Certifier
D. DAA

Question 26

Fill in the blank with an appropriate phrase. _________________ is used to verify and accredit systems by establishing a standard process, set of activities, general tasks, and management structure.

Options:

A. DITSCAP/NIACAP

Question 27

System Authorization is the risk management process. The System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of the System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Certification
B. Authorization
C. Post-certification
D. Post-Authorization
E. Pre-certification

E.

Pre-certification

Question 28

Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?

Options:

A. ISO 9001:2000
B. Benchmarking
C. SEI-CMM
D. Six Sigma

Question 29

Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers?

Options:

A. Manufacturing Extension Partnership
B. Baldrige National Quality Program
C. Advanced Technology Program
D. NIST Laboratories

Question 30

Choose and reorder the steps to build the system security architectures in accordance with the DoDAF.

Options:

A.

Question 31

Choose and reorder the tasks performed in the "Plan the effort" process.

Options:

A.

Question 32

Which of the following federal laws are related to hacking activities? Each correct answer represents a complete solution. Choose three.

Options:

A. 18 U.S.C. 1030
B. 18 U.S.C. 1029
C. 18 U.S.C. 2510
D. 18 U.S.C. 1028
