CISSP-ISSEP - Information Systems Security Engineering Professional


Example Questions

You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems?

Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures, and of the decision criteria used to evaluate security for information systems investments?

Which of the following individuals reviews and approves project deliverables from a QA perspective?

Which of the following certification levels requires the completion of the minimum security checklist and a more in-depth, independent analysis?

Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?

Which of the following are the most important tasks of the Information Management Plan (IMP)? Each correct answer represents a complete solution. Choose all that apply.

Which of the following NIST documents states that minimizing negative impact on an organization and the need for a sound basis in decision making are the fundamental reasons organizations implement a risk management process for their IT systems?

Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk responses. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

Which of the following acts promote a risk-based policy for cost-effective security? Each correct answer represents a part of the solution. Choose all that apply.

Which of the following are ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system?

Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability and prepares the final security accreditation package?

You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you to perform the above task?

Which of the following Security Control Assessment tasks evaluates the operational, technical, and management security controls of the information system using the techniques and measures selected or developed?

Which of the following tools demands involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?

Which of the following are the functional analysis and allocation tools? Each correct answer represents a complete solution. Choose all that apply.

Which of the following elements of Registration Task 4 defines the operating system, database management system, and software applications, and how they will be used?

Which of the following protocols is built into the Web server and browser to encrypt data traveling over the Internet?

Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data? Each correct answer represents a complete solution. Choose all that apply.

Which of the following responsibilities are executed by the federal program manager?

Which of the following Registration Tasks sets up the system architecture description and describes the C&A boundary?

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?

Which of the following is a 1996 United States federal law designed to improve the way the federal government acquires, uses, and disposes of information technology?

TQM recognizes that the quality of all the processes within an organization contributes to the quality of the product. Which of the following are the most important activities in Total Quality Management? Each correct answer represents a complete solution. Choose all that apply.

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

Which of the following protocols is used to establish a secure terminal to a remote network device?

Which of the following acts assigns the Chief Information Officers (CIO) the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)?

Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure?

Which of the following documents is described in the statement below? It is developed along with all processes of risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.

Which of the following organizations is a USG initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers?

Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A support?

Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those tempted to commit crimes by unauthorized access to computers?

The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series? Each correct answer represents a complete solution. Choose all that apply.

Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels?

Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?

Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.

Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?

Which of the following sections of the SEMP template defines the project constraints, including constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints?

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation?

Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?

In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the participating organizations perform the following tasks? Perform preliminary activities. Examine all relevant technical, security, and administrative issues. Form an agreement governing the management, operation, and use of the interconnection.

Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements?

Which of the following departments protects and supports DoD information, information systems, and information networks that are critical to the department and the armed forces during day-to-day operations and in time of crisis?

Which of the following assessment methodologies defines a six-step technical security evaluation?

Study Guides