Summer Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

ISC ISSEP ISSEP Information Systems Security Engineering Professional Exam Practice Test

Page: 1 / 22
Total 221 questions

ISSEP Information Systems Security Engineering Professional Questions and Answers

Question 1

Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Understandability

B.

Visibility

C.

Interoperability

D.

Accessibility

Question 2

Which of the following areas of information system, as separated by Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy

Options:

A.

Networks and Infrastructures

B.

Supporting Infrastructures

C.

Enclave Boundaries

D.

Local Computing Environments

Question 3

You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task

Options:

A.

Information Assurance (IA)

B.

Risk Management

C.

Risk Analysis

D.

Information Systems Security Engineering (ISSE)

Question 4

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199 Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

High

B.

Medium

C.

Low

D.

Moderate

Question 5

Which of the following acts promote a risk-based policy for cost effective security Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Clinger-Cohen Act

B.

Lanham Act

C.

Paperwork Reduction Act (PRA)

D.

Computer Misuse Act

Question 6

You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task

Options:

A.

Functional test

B.

Reliability test

C.

Performance test

D.

Regression test

Question 7

The risk transference is referred to the transfer of risks to a third party, usually for a fee, it creates a contractual-relationship for the third party to manage the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response

Options:

A.

Warranties

B.

Performance bonds

C.

Use of insurance

D.

Life cycle costing

Question 8

You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram

Options:

A.

Activity diagram

B.

Functional flow block diagram (FFBD)

C.

Functional hierarchy diagram

D.

Timeline analysis diagram

Question 9

Which of the following federal laws is designed to protect computer data from theft

Options:

A.

Federal Information Security Management Act (FISMA)

B.

Computer Fraud and Abuse Act (CFAA)

C.

Government Information Security Reform Act (GISRA)

D.

Computer Security Act

Question 10

Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy

Options:

A.

Trusted computing base (TCB)

B.

Common data security architecture (CDSA)

C.

Internet Protocol Security (IPSec)

D.

Application program interface (API)

Question 11

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard

Options:

A.

Type III (E) cryptography

B.

Type III cryptography

C.

Type I cryptography

D.

Type II cryptography

Question 12

Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls

Options:

A.

IATO

B.

DATO

C.

ATO

D.

IATT

Question 13

Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems

Options:

A.

Computer Fraud and Abuse Act

B.

Computer Security Act

C.

Gramm-Leach-Bliley Act

D.

Digital Millennium Copyright Act

Question 14

Which of the following CNSS policies describes the national policy on use of cryptomaterial by activities operating in high risk environments

Options:

A.

CNSSP No. 14

B.

NCSC No. 5

C.

NSTISSP No. 6

D.

NSTISSP No. 7

Question 15

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability

Options:

A.

MAC I

B.

MAC II

C.

MAC III

D.

MAC IV

Question 16

Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring process Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Status reporting and documentation

B.

Security control monitoring and impact analyses of changes to the information system

C.

Configuration management and control

D.

Security accreditation documentation E. Security accreditation decision

Question 17

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident

Options:

A.

Corrective controls

B.

Safeguards

C.

Detective controls

D.

Preventive controls

Question 18

Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers

Options:

A.

Manufacturing Extension Partnership

B.

Baldrige National Quality Program

C.

Advanced Technology Program

D.

NIST Laboratories

Question 19

An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Ascertaining the security posture of the organization's information system

B.

Reviewing security status reports and critical security documents

C.

Determining the requirement of reauthorization and reauthorizing information systems when required

D.

Establishing and implementing the organization's continuous monitoring program

Question 20

Which of the following certification levels requires the completion of the minimum security checklist and more in-depth, independent analysis

Options:

A.

CL 3

B.

CL 4

C.

CL 2

D.

CL 1

Question 21

Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure

Options:

A.

Manufacturing Extension Partnership

B.

NIST Laboratories

C.

Baldrige National Quality Program

D.

Advanced Technology Program

Question 22

Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system

Options:

A.

System Owner

B.

Information Systems Security Officer (ISSO)

C.

Designated Approving Authority (DAA)

D.

Chief Information Security Officer (CISO)

Question 23

You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well defined phases. In which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur

Options:

A.

Continuous Monitoring

B.

Initiation

C.

Security Certification

D.

Security Accreditation

Question 24

Which of the following processes describes the elements such as quantity, quality, coverage, timelines, and availability, and categorizes the different functions that the system will need to perform in order to gather the documented missionbusiness needs

Options:

A.

Functional requirements

B.

Operational scenarios

C.

Human factors

D.

Performance requirements

Question 25

You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAPNIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system

Options:

A.

Post Accreditation

B.

Definition

C.

Verification

D.

Validation

Question 26

Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created

Options:

A.

The level of detail must define exactly the risk response for each identified risk.

B.

The level of detail is set of project risk governance.

C.

The level of detail is set by historical information.

D.

The level of detail should correspond with the priority ranking.

Question 27

Which of the following rated systems of the Orange book has mandatory protection of the TCB

Options:

A.

C-rated

B.

B-rated

C.

D-rated

D.

A-rated

Question 28

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability

Options:

A.

MAC I

B.

MAC II

C.

MAC IV

D.

MAC III

Question 29

Which of the following tasks prepares the technical management plan in planning the technical effort

Options:

A.

Task 10

B.

Task 9

C.

Task 7

D.

Task 8

Question 30

Which of the following organizations is a USG initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers

Options:

A.

NSA

B.

NIST

C.

CNSS

D.

NIAP

Question 31

Which of the following documents is described in the statement below It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.

Options:

A.

Risk management plan

B.

Project charter

C.

Quality management plan

D.

Risk register

Question 32

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event

Options:

A.

Acceptance

B.

Enhance

C.

Share

D.

Exploit

Page: 1 / 22
Total 221 questions