CISSP-ISSEP ISSEP Information Systems Security Engineering Professional Questions and Answers

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production Each correct answer represents a part of the solution. Choose all that apply.

Which of the following refers to a process that is used for implementing information security

Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system

You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process

Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation

Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected

Which of the following documents is described in the statement below It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.

In which of the following DIACAP phases is residual risk analyzed

Which of the following Registration Tasks sets up the system architecture description, and describes the C&A boundary

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives

The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as change management approval processes

Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming into fruition. What individual should respond to the risk with the preplanned risk response

Which of the following acts promote a risk-based policy for cost effective security Each correct answer represents a part of the solution. Choose all that apply.

Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment

Which of the following agencies is responsible for funding the development of many technologies such as computer networking, as well as NLS

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer Each correct answer represents a complete solution. Choose all that apply.

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed

Which of the following tasks prepares the technical management plan in planning the technical effort

Which of the following are the major tasks of risk management Each correct answer represents a complete solution. Choose two.

Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare

Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system

You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram

Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct support to joint warfighters, National level leaders, and other mission and coalition partners across the full spectrum of operations

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation Each correct answer represents a complete solution. Choose all that apply.

Which of the following tasks describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully

Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed