Download ISC2 CISSP-ISSEP Actual Test Online
Your success in the ISC2 CISSP-ISSEP exam is our sole target, and we develop all our CISSP-ISSEP braindumps in a way that facilitates reaching it. Not only is our CISSP-ISSEP study material the best you can find, it is also the most detailed and the most up to date. CISSP-ISSEP practice exams for the ISC2 CISSP-ISSEP certification are written to the highest standards of technical accuracy.
Free CISSP-ISSEP sample questions:
NEW QUESTION 1
Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of DoD information systems and networks?
- A. DoD 8500.1 Information Assurance (IA)
- B. DoDI 5200.40
- C. DoD 8510.1-M DITSCAP
- D. DoD 8500.2 Information Assurance Implementation
Answer: D
NEW QUESTION 2
Which of the following documents contains the threats to information management and the security services and controls required to counter those threats?
- A. System Security Context
- B. Information Protection Policy (IPP)
- C. CONOPS
- D. IMM
Answer: B
NEW QUESTION 3
Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?
- A. National Security AgencyCentral Security Service (NSACSS)
- B. National Institute of Standards and Technology (NIST)
- C. United States Congress
- D. Committee on National Security Systems (CNSS)
Answer: D
NEW QUESTION 4
Which of the following sections of the SEMP template defines the project constraints, including constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints?
- A. Section 3.1.5
- B. Section 3.1.8
- C. Section 3.1.9
- D. Section 3.1.7
Answer: B
NEW QUESTION 5
Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that may consist of, or be composed exclusively of, contractors?
- A. Quality Assurance Manager
- B. Senior Analyst
- C. System Owner
- D. Federal program manager
Answer: D
NEW QUESTION 6
Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system?
- A. Data security requirement
- B. Network connection rule
- C. Applicable instruction or directive
- D. Security concept of operation
Answer: A
NEW QUESTION 7
Risk transference is the transfer of a risk to a third party, usually for a fee; it creates a contractual relationship under which the third party manages the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?
- A. Warranties
- B. Performance bonds
- C. Use of insurance
- D. Life cycle costing
Answer: D
NEW QUESTION 8
The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in a CONOPS? Each correct answer represents a complete solution. Choose all that apply.
- A. Strategies, tactics, policies, and constraints affecting the system
- B. Organizations, activities, and interactions among participants and stakeholders
- C. Statement of the structure of the system
- D. Clear statement of responsibilities and authorities delegated
- E. Statement of the goals and objectives of the system
Answer: ABDE
NEW QUESTION 9
Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling computer systems through the Internet?
- A. DAS
- B. IDS
- C. ACL
- D. IPsec
Answer: B
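As an added illustration of what an IDS does (example code written for this page, not from ISC2 or any product): a minimal signature-style detector that reads constructed sshd-style log lines and flags a source address that fails authentication five or more times within a sixty-second window. The log lines, the threshold and the window size are assumptions chosen for the example; a real IDS would apply many such signatures, and would also watch for slow attackers who stay under any single window.

```python
"""Signature-style intrusion detection: repeated failed SSH logins from one source."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Tuple

# Constructed sshd-style log lines for this example (not from any real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01 bastion sshd[811]: Failed password for invalid user admin from 198.51.100.23 port 50112 ssh2
2024-03-01T10:00:03 bastion sshd[811]: Failed password for root from 198.51.100.23 port 50114 ssh2
2024-03-01T10:00:04 bastion sshd[811]: Failed password for root from 198.51.100.23 port 50116 ssh2
2024-03-01T10:00:06 bastion sshd[811]: Failed password for root from 198.51.100.23 port 50118 ssh2
2024-03-01T10:00:07 bastion sshd[811]: Failed password for root from 198.51.100.23 port 50120 ssh2
2024-03-01T10:00:09 bastion sshd[811]: Accepted publickey for alice from 192.0.2.10 port 41022 ssh2
2024-03-01T10:05:00 bastion sshd[811]: Failed password for bob from 192.0.2.10 port 41030 ssh2
2024-03-01T10:30:00 bastion sshd[811]: Failed password for bob from 192.0.2.10 port 41031 ssh2
"""

# Group 1: ISO-8601 timestamp, group 2: source address of the failed attempt.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)


def detect_bruteforce(log: str, threshold: int = 5, window_s: int = 60) -> List[Tuple[str, int]]:
    """Return (source_ip, failures_in_window) for each source that reaches
    `threshold` failed logins inside any `window_s`-second sliding window.
    Each source is reported once, at the moment it first crosses the threshold."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: Dict[str, int] = {}
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored by this signature
        ts = datetime.fromisoformat(m.group(1))
        ip = m.group(2)
        window = recent[ip]
        window.append(ts)
        # Drop attempts that fell out of the sliding window.
        while (ts - window[0]).total_seconds() > window_s:
            window.popleft()
        if len(window) >= threshold and ip not in alerts:
            alerts[ip] = len(window)
    return sorted(alerts.items())


if __name__ == "__main__":
    for ip, count in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT brute force: {ip} ({count} failures within 60 s)")
```

With the sample above, only 198.51.100.23 is reported; 192.0.2.10 has two failures 25 minutes apart, which no sixty-second window catches. Lowering the threshold and widening the window (for example two failures in an hour) surfaces the slow source as well, at the cost of more false positives from ordinary typos.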
NEW QUESTION 10
Which of the following is a 1996 United States federal law designed to improve the way the federal government acquires, uses, and disposes of information technology?
- A. Lanham Act
- B. Clinger-Cohen Act
- C. Computer Misuse Act
- D. Paperwork Reduction Act
Answer: B
NEW QUESTION 11
Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.
- A. It performs vulnerability/threat analysis assessment.
- B. It provides for entry and storage of individual system data.
- C. It provides data needed to accurately assess IA readiness.
- D. It identifies and generates IA requirements.
Answer: ACD
NEW QUESTION 12
Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare?
- A. DoD 8500.2 Information Assurance Implementation
- B. DoD 8510.1-M DITSCAP
- C. DoDI 5200.40
- D. DoD 8500.1 Information Assurance (IA)
Answer: D
NEW QUESTION 13
Which of the following are the benefits of SE as stated by MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.
- A. It develops work breakdown structures and statements of work.
- B. It establishes and maintains configuration management of the system.
- C. It develops needed user training equipment, procedures, and data.
- D. It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.
Answer: ABC
NEW QUESTION 14
Phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.
- A. Agree on a strategy to mitigate risks.
- B. Evaluate mitigation progress and plan next assessment.
- C. Identify threats, vulnerabilities, and controls that will be evaluated.
- D. Document and implement a mitigation plan.
Answer: ABD
NEW QUESTION 15
You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed?
- A. Define system security architecture
- B. Develop detailed security design
- C. Discover information protection needs
- D. Define system security requirements
Answer: D
NEW QUESTION 16
Fill in the blank with an appropriate phrase. A ________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requirement, or procedure.
- A. technical effort
Answer: A
NEW QUESTION 17
What are the subordinate tasks of the Implement and Validate Assigned IA Controls phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.
- A. Conduct activities related to the disposition of the system data and objects.
- B. Combine validation results in DIACAP scorecard.
- C. Conduct validation activities.
- D. Execute and update IA implementation plan.
Answer: BCD
NEW QUESTION 18
You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well-defined phases. In which of the following phases of the NIST SP 800-37 C&A methodology does security categorization occur?
- A. Continuous Monitoring
- B. Initiation
- C. Security Certification
- D. Security Accreditation
Answer: B
NEW QUESTION 19
You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?
- A. Functional test
- B. Reliability test
- C. Performance test
- D. Regression test
Answer: A
NEW QUESTION 20
Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface, source address, and destination address?
- A. Circuit-level gateway
- B. Application gateway
- C. Proxy server
- D. Packet Filtering
Answer: D
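To make the answer concrete, an added example (not part of the original page or any vendor's code) of a stateless packet filter: each rule may match on inbound interface, source address, destination address, protocol and destination port, rules are evaluated first-match-wins, and anything no rule matches is dropped (default deny). The interface names, addresses and ruleset are constructed for the example. The anti-spoofing rule at the top also shows why rule order matters in a packet filter: moved below the allow rule, it no longer protects the web server from packets that claim an internal source address on the external interface.

```python
"""Stateless packet filter: first-match rule evaluation with default deny."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on
    src: str              # source IPv4 address
    dst: str              # destination IPv4 address
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port; None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    iface: Optional[str] = None  # None means "any" for every field below
    src: Optional[str] = None    # CIDR prefix
    dst: Optional[str] = None    # CIDR prefix
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """Every field that is set must match; unset fields are wildcards."""
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; a packet no rule matches is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed ruleset for an edge filter: eth0 faces the Internet, eth1 the internal LAN.
RULES = [
    # Anti-spoofing: internal addresses must never arrive on the external interface.
    Rule("deny", iface="eth0", src="10.0.0.0/8"),
    # Public web server: TCP/443 from anywhere, to that one host only.
    Rule("allow", iface="eth0", dst="10.0.0.5/32", proto="tcp", dport=443),
    # Internal hosts may query the internal DNS resolver.
    Rule("allow", iface="eth1", src="10.0.0.0/8", dst="10.0.0.53/32", proto="udp", dport=53),
]


def demo() -> List[str]:
    """Decisions for a few constructed packets, in order."""
    packets = [
        Packet("eth0", "203.0.113.7", "10.0.0.5", "tcp", 443),   # legitimate HTTPS
        Packet("eth0", "203.0.113.7", "10.0.0.5", "tcp", 22),    # SSH from outside: no rule
        Packet("eth0", "10.0.0.9", "10.0.0.5", "tcp", 443),      # spoofed internal source
        Packet("eth1", "10.0.0.9", "10.0.0.53", "udp", 53),      # internal DNS query
        Packet("eth1", "10.0.0.9", "10.0.0.53", "tcp", 53),      # wrong protocol: no rule
    ]
    return [evaluate(RULES, p) for p in packets]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

A packet filter of this kind sees each packet on its own: it has no notion of a connection, so return traffic for the allowed HTTPS session must be covered by its own rule or the filter must be replaced by a stateful one. That is the distinction the other three options in the question (circuit-level gateway, application gateway, proxy) are built around.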
NEW QUESTION 21
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
- A. Risk identification
- B. Building Risk free systems
- C. Assuring the integrity of organizational data
- D. Risk control
Answer: AD
NEW QUESTION 22
DoD 8500.2 establishes IA controls for information systems according to Mission Assurance Category (MAC) and confidentiality level. Which of the following MAC levels requires basic integrity and availability?
- A. MAC I
- B. MAC II
- C. MAC IV
- D. MAC III
Answer: D
NEW QUESTION 23
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.
- A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
- B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
- C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
- D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
Answer: BC
NEW QUESTION 24
Which of the following agencies is responsible for funding the development of many technologies, such as computer networking, as well as NLS?
- A. DARPA
- B. DTIC
- C. DISA
- D. DIAP
Answer: A
NEW QUESTION 25
Which of the following responsibilities are executed by the federal program manager? Each correct answer represents a complete solution. Choose all that apply.
- A. Ensure justification of expenditures and investment in systems engineering activities.
- B. Coordinate activities to obtain funding.
- C. Review project deliverables.
- D. Review and approve project plans.
Answer: ABD
NEW QUESTION 26
You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules that guide the transition process?
- A. Configuration management plan
- B. Transition plan
- C. Systems engineering management plan (SEMP)
- D. Acquisition plan
Answer: B
NEW QUESTION 27
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register, and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months, but the probability of the event is high. Which one of the following is a valid response to the identified risk event?
- A. Earned value management
- B. Risk audit
- C. Corrective action
- D. Technical performance measurement
Answer: C
NEW QUESTION 28
Which of the following individuals are part of senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.
- A. Chief Information Officer
- B. AO Designated Representative
- C. Senior Information Security Officer
- D. User Representative
- E. Authorizing Official
Answer: ABCE
NEW QUESTION 29
Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring phase? Each correct answer represents a complete solution. Choose all that apply.
- A. Status reporting and documentation
- B. Security control monitoring and impact analyses of changes to the information system
- C. Configuration management and control
- D. Security accreditation documentation
- E. Security accreditation decision
Answer: ABC
NEW QUESTION 30
Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?
- A. Chief Information Officer
- B. Chief Information Security Officer
- C. Chief Risk Officer
- D. Information System Owner
Answer: D
NEW QUESTION 31
......
Thanks for reading the newest CISSP-ISSEP exam dumps! We recommend trying the PREMIUM Downloadfreepdf.net CISSP-ISSEP dumps in VCE and PDF here: https://www.downloadfreepdf.net/CISSP-ISSEP-pdf-download.html (213 Q&As Dumps)