
ISSEP Information Systems Security Engineering Professional Questions and Answers

Question 4

Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive function standard and break the higher-level functions into lower-level functions. Which of the following processes will Della use to accomplish the task?

Options:

A. Risk analysis
B. Functional allocation
C. Functional analysis
D. Functional baseline

Question 5

Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

Options:

A. Certification and accreditation (C&A)
B. Risk Management
C. Information systems security engineering (ISSE)
D. Information Assurance (IA)

Question 6

You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process?

Options:

A. Design information systems that will meet the certification and accreditation documentation.
B. Identify the information protection needs.
C. Ensure information systems are designed and developed with functional relevance.
D. Instruct systems engineers on availability, integrity, and confidentiality.

Question 7

Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?

Options:

A. Configuration Identification
B. Configuration Verification and Audit
C. Configuration Status and Accounting
D. Configuration Control

Question 8

Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

Options:

A. Chief Information Officer
B. Chief Information Security Officer
C. Chief Risk Officer
D. Information System Owner

Question 9

According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. DC Security Design & Configuration
B. EC Enclave and Computing Environment
C. VI Vulnerability and Incident Management
D. Information systems acquisition, development, and maintenance

Question 10

Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution, either by electronic means or by physical media?

Options:

A. ATM
B. RTM
C. CRO
D. DAA

Question 11

Which of the following security controls will you use in the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Risk Adjustments
B. Security Certification and Accreditation (C&A)
C. Vulnerability Assessment and Penetration Testing
D. Change and Configuration Control

Question 12

You work as a system engineer for BlueWell Inc. Which of the following documents will help you describe the detailed plans, procedures, and schedules that guide the transition process?

Options:

A. Configuration management plan
B. Transition plan
C. Systems engineering management plan (SEMP)
D. Acquisition plan

Question 13

Which of the following Security Control Assessment Tasks evaluates the operational, technical, and management security controls of the information system using the techniques and measures selected or developed?

Options:

A. Security Control Assessment Task 3
B. Security Control Assessment Task 1
C. Security Control Assessment Task 4
D. Security Control Assessment Task 2

Question 14

Which of the following memorandums reminds Federal agencies that they are required by law and policy to establish clear privacy policies for Web activities and to comply with those policies?

Options:

A. OMB M-01-08
B. OMB M-03-19
C. OMB M-00-07
D. OMB M-00-13

Question 15

Which of the following laws was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

Options:

A. Computer Fraud and Abuse Act
B. Computer Security Act
C. Gramm-Leach-Bliley Act
D. Digital Millennium Copyright Act

Question 16

Which of the following NIST Special Publication documents provides a guideline on network security testing?

Options:

A. NIST SP 800-60
B. NIST SP 800-37
C. NIST SP 800-59
D. NIST SP 800-42
E. NIST SP 800-53A
F. NIST SP 800-53

Question 17

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Develop DIACAP strategy.
B. Initiate IA implementation plan.
C. Conduct validation activity.
D. Assemble DIACAP team.
E. Register system with DoD Component IA Program.
F. Assign IA controls.

Question 18

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Regulatory
B. Advisory
C. Systematic
D. Informative

Question 19

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

Options:

A. Risk identification
B. Building Risk free systems
C. Assuring the integrity of organizational data
D. Risk control

Question 20

Which of the following refers to a process that is used for implementing information security?

Options:

A. Classic information security model
B. Certification and Accreditation (C&A)
C. Information Assurance (IA)
D. Five Pillars model

Question 21

Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability and prepares the final security accreditation package?

Options:

A. Initiation
B. Security Certification
C. Continuous Monitoring
D. Security Accreditation

Question 22

John works as a security engineer for BlueWell Inc. He wants to identify the different functions that the system will need to perform to meet the documented mission/business needs. Which of the following processes will John use to achieve the task?

Options:

A. Modes of operation
B. Performance requirement
C. Functional requirement
D. Technical performance measures

Question 23

Which of the following protocols is used to establish a secure terminal session to a remote network device?

Options:

A. WEP
B. SMTP
C. SSH
D. IPSec

Question 24

Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?

Options:

A. Computer Misuse Act
B. Clinger-Cohen Act
C. ISG
D. Lanham Act

Question 25

Choose and reorder the steps to build the system security architecture in accordance with the DoDAF.

Options:

A.

Question 26

Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?

Options:

A. NSTISSP No. 11
B. NSTISSP No. 101
C. NSTISSP No. 7
D. NSTISSP No. 6

Question 27

Drag and drop the correct DoD Policy Series into their appropriate places.

Options:

A.

Question 28

Which of the following CNSS policies describes the national policy on the use of cryptomaterial by activities operating in high-risk environments?

Options:

A. CNSSP No. 14
B. NCSC No. 5
C. NSTISSP No. 6
D. NSTISSP No. 7

Question 29

Which of the following certification levels requires the completion of the minimum security checklist and a more in-depth, independent analysis?

Options:

A. CL 3
B. CL 4
C. CL 2
D. CL 1

Question 30

Fill in the blank with an appropriate phrase. A ____________________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requirement, or procedure.

Options:

A. technical effort

Question 31

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

Options:

A. Acceptance
B. Enhance
C. Share
D. Exploit

Question 32

Which of the following is NOT an objective of the security program?

Options:

A. Security education
B. Information classification
C. Security organization
D. Security plan

Exam Code: ISSEP
Exam Name: ISSEP Information Systems Security Engineering Professional
Last Update: Dec 26, 2024
Questions: 221