New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > ISC > ISC certification > ISSEP

ISSEP ISSEP Information Systems Security Engineering Professional Question and Answers

Question # 4

Which of the following NIST documents describes that minimizing negative impact on an organization and a need for sound basis in decision making are the fundamental reasons organizations implement a risk management process for their IT systems

A.

NIST SP 800-37

B.

NIST SP 800-30

C.

NIST SP 800-53

D.

NIST SP 800-60

Full Access
Question # 5

Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information

A.

National Institute of Standards and Technology (NIST)

B.

National Security AgencyCentral Security Service (NSACSS)

C.

Committee on National Security Systems (CNSS)

D.

United States Congress

Full Access
Question # 6

In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47 does the participating organizations perform the following tasks Perform preliminary activities. Examine all relevant technical, security and administrative issues. Form an agreement governing the management, operation, and use of the interconnection.

A.

Establishing the interconnection

B.

Disconnecting the interconnection

C.

Planning the interconnection

D.

Maintaining the interconnection

Full Access
Question # 7

You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAPNIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system

A.

Post Accreditation

B.

Definition

C.

Verification

D.

Validation

Full Access
Question # 8

Which of the following memorandums reminds the Federal agencies that it is required by law and policy to establish clear privacy policies for Web activities and to comply with those policies

A.

OMB M-01-08

B.

OMB M-03-19

C.

OMB M-00-07

D.

OMB M-00-13

Full Access
Question # 9

Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers

A.

Manufacturing Extension Partnership

B.

Baldrige National Quality Program

C.

Advanced Technology Program

D.

NIST Laboratories

Full Access
Question # 10

Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive function standard, and break the higher-level functions into lower-level functions. Which of the following processes will Della use to accomplish the task

A.

Risk analysis

B.

Functional allocation

C.

Functional analysis

D.

Functional baseline

Full Access
Question # 11

Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media

A.

ATM

B.

RTM

C.

CRO

D.

DAA

Full Access
Question # 12

Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs

A.

User representative

B.

DAA

C.

Certification Agent

D.

IS program manager

Full Access
Question # 13

Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system

A.

System firmware

B.

System software

C.

System interface

D.

System hardware

Full Access
Question # 14

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process Each correct answer represents a complete solution. Choose all that apply.

A.

Develop DIACAP strategy.

B.

Initiate IA implementation plan.

C.

Conduct validation activity.

D.

Assemble DIACAP team.

E.

Register system with DoD Component IA Program.

F.

Assign IA controls.

Full Access
Question # 15

Which of the following are the subtasks of the Define Life-Cycle Process Concepts task Each correct answer represents a complete solution. Choose all that apply.

A.

Training

B.

Personnel

C.

Control

D.

Manpower

Full Access
Question # 16

You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task

A.

Information Assurance (IA)

B.

Risk Management

C.

Risk Analysis

D.

Information Systems Security Engineering (ISSE)

Full Access
Question # 17

For interactive and self-paced preparation of exam ISSEP, try our practice exams.

Practice exams also include self assessment and reporting features!

Fill in the blank with an appropriate word. _______ has the goal to securely interconnect people and systems independent of time or location.

A.

Netcentric

Full Access
Question # 18

John works as a security engineer for BlueWell Inc. He wants to identify the different functions that the system will need to perform to meet the documented missionbusiness needs. Which of the following processes will John use to achieve the task

A.

Modes of operation

B.

Performance requirement

C.

Functional requirement

D.

Technical performance measures

Full Access
Question # 19

You work as a Network Administrator for PassGuide Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security

A.

HTTP

B.

VPN

C.

SMIME

D.

SSL

Full Access
Question # 20

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event

A.

Earned value management

B.

Risk audit

C.

Corrective action

D.

Technical performance measurement

Full Access
Question # 21

Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter

A.

Stateless packet filter firewall

B.

PIX firewall

C.

Stateful packet filter firewall

D.

Virtual firewall

Full Access
Question # 22

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer Each correct answer represents a complete solution. Choose all that apply.

A.

Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan

B.

Preserving high-level communications and working group relationships in an organization

C.

Establishing effective continuous monitoring program for the organization

D.

Facilitating the sharing of security risk-related information among authorizing officials

Full Access
Question # 23

Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document Each correct answer represents a complete solution. Choose all that apply.

A.

It identifies the information protection problems that needs to be solved.

B.

It allocates security mechanisms to system security design elements.

C.

It identifies custom security products.

D.

It identifies candidate commercial off-the-shelf (COTS)government off-the-shelf (GOTS) security products.

Full Access
Question # 24

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability

A.

MAC I

B.

MAC II

C.

MAC IV

D.

MAC III

Full Access
Question # 25

Which of the following rated systems of the Orange book has mandatory protection of the TCB

A.

C-rated

B.

B-rated

C.

D-rated

D.

A-rated

Full Access
Question # 26

Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels

A.

DoD 8500.1 Information Assurance (IA)

B.

DoD 8500.2 Information Assurance Implementation

C.

DoDI 5200.40

D.

DoD 8510.1-M DITSCAP

Full Access
Question # 27

Which of the following principles are defined by the IATF model Each correct answer represents a complete solution. Choose all that apply.

A.

The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.

B.

The problem space is defined by the customer's mission or business needs.

C.

The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.

D.

Always keep the problem and solution spaces separate.

Full Access
Question # 28

Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data Each correct answer represents a complete solution. Choose all that apply.

A.

Understandability

B.

Visibility

C.

Interoperability

D.

Accessibility

Full Access
Question # 29

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well designed policy Each correct answer represents a part of the solution. Choose all that apply.

A.

What is being secured

B.

Who is expected to comply with the policy

C.

Where is the vulnerability, threat, or risk

D.

Who is expected to exploit the vulnerability

Full Access
Question # 30

Which of the following characteristics are described by the DIAP Information Readiness Assessment function Each correct answer represents a complete solution. Choose all that apply.

A.

It performs vulnerabilitythreat analysis assessment.

B.

It provides for entry and storage of individual system data.

C.

It provides data needed to accurately assess IA readiness.

D.

It identifies and generates IA requirements.

Full Access
Question # 31

Choose and reorder the tasks performed in Plan the effort process.

A.

Full Access
Question # 32

Fill in the blank with an appropriate phrase. A ____________________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requirement, or procedure.

A.

technical effort

Full Access