
Note: ISC2 has retired the CISSP-ISSEP exam. Contact us through Live Chat or email for more information.

CISSP-ISSEP ISSEP Information Systems Security Engineering Professional Questions and Answers

Questions 4

Which of the following acts assigns Chief Information Officers (CIOs) the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)?

Options:

A.

Paperwork Reduction Act

B.

Computer Misuse Act

C.

Lanham Act

D.

Clinger-Cohen Act

Questions 5

Fill in the blank with an appropriate phrase. A ____________________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requirement, or procedure.

Options:

A.

technical effort

Questions 6

Which of the following cooperative programs carried out by NIST speeds up the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector?

Options:

A.

Baldrige National Quality Program

B.

Advanced Technology Program

C.

Manufacturing Extension Partnership

D.

NIST Laboratories

Questions 7

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise responsible for information technology. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan

B.

Preserving high-level communications and working group relationships in an organization

C.

Establishing effective continuous monitoring program for the organization

D.

Facilitating the sharing of security risk-related information among authorizing officials

Questions 8

Which of the following documents contains the threats to information management and the security services and controls required to counter those threats?

Options:

A.

System Security Context

B.

Information Protection Policy (IPP)

C.

CONOPS

D.

IMM

Questions 9

Lisa is the project manager of the SQL project for her company. She has completed risk response planning with her project team and is now ready to update the risk register to reflect the risk responses. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

Options:

A.

The level of detail must define exactly the risk response for each identified risk.

B.

The level of detail is set by project risk governance.

C.

The level of detail is set by historical information.

D.

The level of detail should correspond with the priority ranking.

Questions 10

The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Providing IA Certification and Accreditation

B.

Providing command and control and situational awareness

C.

Defending systems

D.

Protecting information

Questions 11

Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system?

Options:

A.

Process specification

B.

Product specification

C.

Development specification

D.

System specification

Questions 12

Which of the following CNSS policies describes the national policy on the use of cryptomaterial by activities operating in high-risk environments?

Options:

A.

CNSSP No. 14

B.

NCSC No. 5

C.

NSTISSP No. 6

D.

NSTISSP No. 7

Questions 13

Which of the following CNSS policies describes the national policy on securing voice communications?

Options:

A.

NSTISSP No. 6

B.

NSTISSP No. 7

C.

NSTISSP No. 101

D.

NSTISSP No. 200

Questions 14

Which of the following individuals are part of senior management and are responsible for authorizing individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Chief Information Officer

B.

AO Designated Representative

C.

Senior Information Security Officer

D.

User Representative

E.

Authorizing Official

Questions 15

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

Options:

A.

Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.

B.

Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

C.

Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

D.

Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Questions 16

Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability and prepares the final security accreditation package?

Options:

A.

Initiation

B.

Security Certification

C.

Continuous Monitoring

D.

Security Accreditation

Questions 17

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or tool accepted by the National Security Agency for protecting sensitive, unclassified information in systems as stated in Section 2315 of Title 10, United States Code?

Options:

A.

Type I cryptography

B.

Type II cryptography

C.

Type III (E) cryptography

D.

Type III cryptography

Questions 18

In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including implementing or configuring appropriate security controls?

Options:

A.

Establishing the interconnection

B.

Planning the interconnection

C.

Disconnecting the interconnection

D.

Maintaining the interconnection

Questions 19

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

Options:

A.

Federal Information Processing Standard (FIPS)

B.

Special Publication (SP)

C.

NISTIRs (Internal Reports)

D.

DIACAP by the United States Department of Defense (DoD)

Questions 20

An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Ascertaining the security posture of the organization's information system

B.

Reviewing security status reports and critical security documents

C.

Determining the requirement of reauthorization and reauthorizing information systems when required

D.

Establishing and implementing the organization's continuous monitoring program

Questions 21

Diane is the project manager of the HGF Project. A risk that was identified and analyzed in the project planning processes is now coming to fruition. Which individual should respond to the risk with the preplanned risk response?

Options:

A.

Project sponsor

B.

Risk owner

C.

Diane

D.

Subject matter expert

Questions 22

Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism?

Options:

A.

Internet Key Exchange (IKE) Protocol

B.

S/MIME

C.

Internet Protocol Security (IPsec)

D.

Secure Sockets Layer (SSL)

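The anti-replay protection that IPsec ESP (and AH) attach to every packet, as an added example that is not part of the original page or of any IPsec implementation: the receiver-side sliding window from RFC 4303 section 3.4.3, in Python, run over a constructed stream of ESP headers. The 64-bit window size, the packet bytes and the `parse_esp_header` / `ReplayWindow` / `process_packets` names are assumptions for illustration; a real receiver also needs Extended Sequence Numbers for long-lived SAs and must verify the packet's integrity check value before the window is updated.

```python
"""Receiver-side anti-replay window for IPsec ESP (RFC 4303, section 3.4.3).

Added example, not from the page or any IPsec stack. The ESP header is the
SPI (32 bits) followed by a 32-bit sequence number, both big-endian.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

WINDOW_SIZE = 64  # assumption: RFC 4303 requires at least 32; 64 is common


def parse_esp_header(packet: bytes) -> Tuple[int, int]:
    """Return (SPI, sequence number) from the first 8 bytes of an ESP packet."""
    if len(packet) < 8:
        raise ValueError("ESP packet too short for SPI + sequence number")
    spi, seq = struct.unpack("!II", packet[:8])
    return spi, seq


@dataclass
class ReplayWindow:
    """Bitmap of the last `size` sequence numbers at or below `top`."""
    size: int = WINDOW_SIZE
    top: int = 0      # highest sequence number accepted so far
    bitmap: int = 0   # bit i set  <=>  sequence number (top - i) already accepted

    def check_and_update(self, seq: int) -> bool:
        """True if `seq` is fresh (and records it); False if replayed or too old.

        Call this only after the packet's ICV has verified: RFC 4303 updates the
        window solely for authenticated packets, so a forged sequence number
        cannot advance it and lock out genuine traffic.
        """
        if seq == 0:
            return False  # first packet on a fresh SA uses sequence number 1
        if seq > self.top:
            # Newer than anything seen: slide the window up by the gap.
            shift = seq - self.top
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1  # everything previously tracked falls off the window
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False  # older than the window: reject, cannot tell if replayed
        if self.bitmap & (1 << diff):
            return False  # already accepted once: replay
        self.bitmap |= 1 << diff  # late but genuine: accept and mark it
        return True


def process_packets(packets: List[bytes], size: int = WINDOW_SIZE) -> List[Tuple[int, bool]]:
    """Run every packet of one SA through a window; returns (seq, accepted) per packet."""
    window = ReplayWindow(size=size)
    results = []
    for pkt in packets:
        _spi, seq = parse_esp_header(pkt)
        results.append((seq, window.check_and_update(seq)))
    return results


# Constructed sample: one SA (SPI 0x1000), packets arriving out of order, with
# one replayed copy (second seq 2) and one arrival too old for the window
# (seq 3 after seq 100 has moved the window top).
SAMPLE_SEQS = [1, 2, 3, 2, 5, 4, 100, 3]
SAMPLE_PACKETS = [struct.pack("!II", 0x1000, s) + b"ciphertext" for s in SAMPLE_SEQS]

if __name__ == "__main__":
    for seq, ok in process_packets(SAMPLE_PACKETS):
        print(f"seq={seq:3d} {'accept' if ok else 'REJECT'}")
```

Out-of-order delivery inside the window (seq 4 after seq 5) is accepted, which is why the window exists at all; the bitmap is what distinguishes "late" from "seen before".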
Questions 23

Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product?

Options:

A.

Information Assurance (IA)

B.

Statistical process control (SPC)

C.

Information Protection Policy (IPP)

D.

Information management model (IMM)

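Statistical process control in working code, as an added example that is not part of the original page: a Shewhart individuals chart with moving-range control limits, the basic SPC chart, computed in Python over a constructed series of measurements (minutes per day to push a critical patch to one fleet node). The data, the 3-sigma rule and the `individuals_chart` / `phase_one_limits` names are assumptions for illustration.

```python
"""Shewhart individuals (X) chart with moving-range limits.

Added example, not code from the page. Control limits are center +/- k * sigma,
with sigma estimated as the mean moving range divided by d2 (1.128 for n = 2),
so the spread of consecutive points, not an assumed distribution, sets the limits.
"""
from dataclasses import dataclass
from typing import List, Sequence, Tuple

D2_N2 = 1.128  # unbiasing constant d2 for subgroup size 2 (consecutive pairs)


@dataclass
class ChartResult:
    center: float                            # process mean (center line)
    ucl: float                               # upper control limit
    lcl: float                               # lower control limit
    mr_bar: float                            # mean moving range
    out_of_control: List[Tuple[int, float]]  # (index, value) beyond the limits


def individuals_chart(values: Sequence[float], k: float = 3.0) -> ChartResult:
    """Compute the center line, k-sigma limits and the points that violate them."""
    if len(values) < 2:
        raise ValueError("need at least two observations for a moving range")
    center = sum(values) / len(values)
    moving_ranges = [abs(values[i] - values[i - 1]) for i in range(1, len(values))]
    mr_bar = sum(moving_ranges) / len(moving_ranges)
    sigma_hat = mr_bar / D2_N2
    ucl, lcl = center + k * sigma_hat, center - k * sigma_hat
    flagged = [(i, x) for i, x in enumerate(values) if x > ucl or x < lcl]
    return ChartResult(center, ucl, lcl, mr_bar, flagged)


def phase_one_limits(values: Sequence[float], k: float = 3.0,
                     max_rounds: int = 10) -> Tuple[ChartResult, List[float]]:
    """Phase I practice: drop points with an assignable cause and recompute until
    nothing falls outside the limits, so the limits describe the stable process
    that future observations are monitored against. Returns (limits, kept values)."""
    kept = list(values)
    result = individuals_chart(kept, k)
    for _ in range(max_rounds):
        if not result.out_of_control:
            break
        bad = {i for i, _ in result.out_of_control}
        kept = [x for i, x in enumerate(kept) if i not in bad]
        result = individuals_chart(kept, k)
    return result, kept


# Constructed sample: minutes per day to push a critical patch to one node.
# Index 9 is an outage-induced outlier, the kind of special cause a control
# chart exists to separate from ordinary day-to-day variation.
PATCH_MINUTES = [10.1, 9.8, 10.3, 10.0, 9.9, 10.2, 10.1, 9.7, 10.0, 14.5, 10.2, 9.9]

if __name__ == "__main__":
    first = individuals_chart(PATCH_MINUTES)
    print(f"center={first.center:.2f} UCL={first.ucl:.2f} LCL={first.lcl:.2f}")
    print("out of control:", first.out_of_control)
    stable, kept = phase_one_limits(PATCH_MINUTES)
    print(f"after exclusion: UCL={stable.ucl:.2f} LCL={stable.lcl:.2f} n={len(kept)}")
```

Note how the single outlier inflates both the center line and the moving-range estimate on the first pass (UCL near 13.1); after it is excluded the limits tighten to roughly 9.3 to 10.8, which is the band a later 11.5-minute day would be judged against.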
Questions 24

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

Options:

A.

Authorizing Official

B.

Information system owner

C.

Chief Information Officer (CIO)

D.

Chief Risk Officer (CRO)

Questions 25

Which of the following documents is defined as a source document that is most useful to the ISSE when classifying the needed security functionality?

Options:

A.

Information Protection Policy (IPP)

B.

IMM

C.

System Security Context

D.

CONOPS

Questions 26

Which of the following acts recognizes the importance of information security to the economic and national security interests of the United States?

Options:

A.

Lanham Act

B.

FISMA

C.

Computer Fraud and Abuse Act

D.

Computer Misuse Act

Questions 27

Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers?

Options:

A.

Manufacturing Extension Partnership

B.

Baldrige National Quality Program

C.

Advanced Technology Program

D.

NIST Laboratories

Questions 28

You work as a security engineer for BlueWell Inc. According to you, which of the following statements describes the main focus of the ISSE process?

Options:

A.

Design information systems that will meet the certification and accreditation documentation.

B.

Identify the information protection needs.

C.

Ensure information systems are designed and developed with functional relevance.

D.

Instruct systems engineers on availability, integrity, and confidentiality.

Questions 29

Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that consists of, or is exclusively composed of, contractors?

Options:

A.

Quality Assurance Manager

B.

Senior Analyst

C.

System Owner

D.

Federal program manager

Questions 30

Which of the following sections of the SEMP template defines the project constraints, including constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints?

Options:

A.

Section 3.1.5

B.

Section 3.1.8

C.

Section 3.1.9

D.

Section 3.1.7

Questions 31

Which of the following acts promote a risk-based policy for cost-effective security? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Clinger-Cohen Act

B.

Lanham Act

C.

Paperwork Reduction Act (PRA)

D.

Computer Misuse Act

Exam Code: CISSP-ISSEP
Exam Name: ISSEP Information Systems Security Engineering Professional
Last Update: Dec 22, 2024
Questions: 213