Information Systems Security Engineering Professional v1.0 (CISSP-ISSEP)

Page:    1 / 15   
Total 220 questions

You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed

  • A. Define system security architecture
  • B. Develop detailed security design
  • C. Discover information protection needs
  • D. Define system security requirements


Answer : D

TQM recognizes that quality of all the processes within an organization contribute to the quality of the product. Which of the following are the most important activities in the Total Quality Management Each correct answer represents a complete solution. Choose all that apply.

  • A. Quality renewal
  • B. Maintenance of quality
  • C. Quality costs
  • D. Quality improvements


Answer : BDA

SIMULATION -
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.



Answer : residual risk

Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling of computer systems through the Internet

  • A. DAS
  • B. IDS
  • C. ACL
  • D. Ipsec


Answer : B

Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism

  • A. Internet Key Exchange (IKE) Protocol
  • B. SMIME
  • C. Internet Protocol Security (IPSec)
  • D. Secure Socket Layer (SSL)


Answer : C

Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of the DoD information systems and networks

  • A. DoD 8500.1 Information Assurance (IA)
  • B. DoDI 5200.40
  • C. DoD 8510.1-M DITSCAP
  • D. DoD 8500.2 Information Assurance Implementation


Answer : D

Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completeness of the relationship

  • A. FIPS 200
  • B. NIST SP 800-50
  • C. Traceability matrix
  • D. FIPS 199


Answer : C

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE Each correct answer represents a complete solution. Choose all that apply.

  • A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • B. An ISSE provides advice on the impacts of system changes.
  • C. An ISSE provides advice on the continuous monitoring of the information system.
  • D. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • E. An ISSO takes part in the development activities that are required to implement system changes.


Answer : DBC

SIMULATION -
For interactive and self-paced preparation of exam ISSEP, try our practice exams.
Practice exams also include self assessment and reporting features!
Fill in the blank with an appropriate word. _______ has the goal to securely interconnect people and systems independent of time or location.



Answer : Netcentric

Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available

  • A. Configuration Identification
  • B. Configuration Verification and Audit
  • C. Configuration Status and Accounting
  • D. Configuration Control


Answer : C

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems

  • A. SSAA
  • B. FITSAF
  • C. FIPS
  • D. TCSEC


Answer : A

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using

  • A. Risk acceptance
  • B. Risk mitigation
  • C. Risk avoidance
  • D. Risk transfer


Answer : D

Which of the following responsibilities are executed by the federal program manager

  • A. Ensure justification of expenditures and investment in systems engineering activities.
  • B. Coordinate activities to obtain funding.
  • C. Review project deliverables.
  • D. Review and approve project plans.


Answer : ABD

Which of the following approaches can be used to build a security program Each correct answer represents a complete solution. Choose all that apply.

  • A. Right-Up Approach
  • B. Left-Up Approach
  • C. Bottom-Up Approach
  • D. Top-Down Approach


Answer : DC

SIMULATION -
Fill in the blank with the appropriate phrase. __________ provides instructions and directions for completing the Systems Security Authorization Agreement
(SSAA).



Answer : DoDI 5200.40

Page:    1 / 15   
Total 220 questions