
ISSEP ISSEP Information Systems Security Engineering Professional Questions and Answers

Questions 4

Choose and reorder the steps to build the system security architecture in accordance with the DoDAF.

Options:

A.

Questions 5

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are international information security standards? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Organization of information security

B.

Human resources security

C.

Risk assessment and treatment

D.

AU audit and accountability

Questions 6

Which of the following elements of Registration Task 4 defines the operating system, database management system, and software applications, and how they will be used?

Options:

A.

System firmware

B.

System interface

C.

System software

D.

System hardware

Questions 7

Which of the following does the acronym RTM stand for?

Options:

A.

Resource tracking method

B.

Requirements Testing Matrix

C.

Requirements Traceability Matrix

D.

Resource timing method

Questions 8

Which of the following terms describes the measures that protect and support information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

Options:

A.

Information Systems Security Engineering (ISSE)

B.

Information Protection Policy (IPP)

C.

Information systems security (InfoSec)

D.

Information Assurance (IA)

Questions 9

Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

Options:

A.

Phase 3

B.

Phase 2

C.

Phase 4

D.

Phase 1

Questions 10

Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements?

Options:

A.

Classic information security model

B.

Five Pillars model

C.

Communications Management Plan

D.

Parkerian Hexad

Questions 11

Which of the following tasks prepares the technical management plan when planning the technical effort?

Options:

A.

Task 10

B.

Task 9

C.

Task 7

D.

Task 8

Questions 12

Which of the following organizations builds secure audio and video communications equipment, makes tamper protection products, and provides trusted microelectronics solutions?

Options:

A.

DTIC

B.

NSA IAD

C.

DIAP

D.

DARPA

Questions 13

Which of the following memorandums reminds Federal agencies that they are required by law and policy to establish clear privacy policies for Web activities and to comply with those policies?

Options:

A.

OMB M-01-08

B.

OMB M-03-19

C.

OMB M-00-07

D.

OMB M-00-13

Questions 14

Risk transference refers to the transfer of risks to a third party, usually for a fee; it creates a contractual relationship under which the third party manages the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?

Options:

A.

Warranties

B.

Performance bonds

C.

Use of insurance

D.

Life cycle costing

Questions 15

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

Options:

A.

Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.

B.

Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

C.

Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

D.

Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Questions 16

What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Basic System Review

B.

Basic Security Review

C.

Maximum Analysis

D.

Comprehensive Analysis

E.

Detailed Analysis

F.

Minimum Analysis

Questions 17

Choose and reorder the steps involved in the trade-off analysis.

Options:

A.

Questions 18

Which of the following tools demands involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?

Options:

A.

ISO 9001:2000

B.

Benchmarking

C.

SEI-CMM

D.

Six Sigma

Questions 19

What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Integrates security considerations into application and system purchasing decisions and development projects.

B.

Ensures that the necessary security controls are in place.

C.

Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.

D.

Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

Questions 20

Which of the following processes provides guidance to the system designers and forms the basis of major events in the acquisition phases, such as testing the products for system integration?

Options:

A.

Operational scenarios

B.

Functional requirements

C.

Human factors

D.

Performance requirements

Questions 21

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

Options:

A.

Phase 4

B.

Phase 2

C.

Phase 1

D.

Phase 3

Questions 22

Which of the following Registration Tasks sets up the system architecture description and describes the C&A boundary?

Options:

A.

Registration Task 3

B.

Registration Task 4

C.

Registration Task 2

D.

Registration Task 1

Questions 23

Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship, in order to determine the completeness of the relationship?

Options:

A.

FIPS 200

B.

NIST SP 800-50

C.

Traceability matrix

D.

FIPS 199

Questions 24

Which of the following tasks describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully?

Options:

A.

Identify Roles and Responsibilities

B.

Develop Project Schedule

C.

Identify Resources and Availability

D.

Estimate project scope

Questions 25

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Information Assurance Manager

B.

Designated Approving Authority

C.

Certification agent

D.

IS program manager

E.

User representative

Questions 26

Fill in the blank with the appropriate phrase. __________ provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).

Options:

A.

DoDI 5200.40

Questions 27

Which of the following DITSCAP/NIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase?

Options:

A.

Verification

B.

Validation

C.

Post accreditation

D.

Definition

Questions 28

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

Options:

A.

Level 4

B.

Level 5

C.

Level 1

D.

Level 2

E.

Level 3

Questions 29

Which of the following tasks obtains the customer's agreement when planning the technical effort?

Options:

A.

Task 9

B.

Task 11

C.

Task 8

D.

Task 10

Questions 30

You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you to perform the above task?

Options:

A.

PERT Chart

B.

Gantt Chart

C.

Functional Flow Block Diagram

D.

Information Management Model (IMM)

Questions 31

System Authorization is a risk management process. The System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of the System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Certification

B.

Authorization

C.

Post-certification

D.

Post-Authorization

E.

Pre-certification

Questions 32

Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

Options:

A.

Chief Information Officer

B.

Chief Information Security Officer

C.

Chief Risk Officer

D.

Information System Owner

Exam Code: ISSEP
Exam Name: ISSEP Information Systems Security Engineering Professional
Last Update: Nov 23, 2024
Questions: 216