ISSEP by ISC Actual Free Exam Questions And Answers

Question 1

Which of the following NIST Special Publication documents provides a guideline on network security testing

A. NIST SP 800-59

B. NIST SP 800-53

C. NIST SP 800-60

D. NIST SP 800-42

E. NIST SP 800-53A

F. NIST SP 800-37

Discussion 0

Correct Answer: D Vote an answer

Question 2

Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures and of the decision criteria which is used to evaluate security for information systems investments

A. OMB M-03-19

B. OMB M-00-13

C. OMB M-00-07

D. OMB M-99-18

Discussion 0

Correct Answer: C Vote an answer

Question 3

Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs

A. User representative

B. Certification Agent

C. DAA

D. IS program manager

Discussion 0

Correct Answer: D Vote an answer

Question 4

Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy

A. Application program interface (API)

B. Trusted computing base (TCB)

C. Internet Protocol Security (IPSec)

D. Common data security architecture (CDSA)

Discussion 0

Correct Answer: B Vote an answer

Question 5

You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed

A. Define system security architecture

B. Discover information protection needs

C. Develop detailed security design

D. Define system security requirements

Discussion 0

Correct Answer: D Vote an answer

Question 6

Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created

A. The level of detail must define exactly the risk response for each identified risk.

B. The level of detail should correspond with the priority ranking.

C. The level of detail is set of project risk governance.

D. The level of detail is set by historical information.

Discussion 0

Correct Answer: B Vote an answer

Question 7

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation Each correct answer represents a complete solution. Choose two.

A. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

C. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.

D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Discussion 0

Correct Answer: A,B Vote an answer

Question 8

Which of the following cooperative programs carried out by NIST speed ups the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector

A. Advanced Technology Program

B. NIST Laboratories

C. Manufacturing Extension Partnership

D. Baldrige National Quality Program

Discussion 0

Correct Answer: A Vote an answer

Question 9

The risk transference is referred to the transfer of risks to a third party, usually for a fee, it creates a contractual-relationship for the third party to manage the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response

A. Life cycle costing

B. Performance bonds

C. Warranties

D. Use of insurance

Discussion 0

Correct Answer: A Vote an answer

Question 10

Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive function standard, and break the higher-level functions into lower-level functions. Which of the following processes will Della use to accomplish the task

A. Functional baseline

B. Risk analysis

C. Functional allocation

D. Functional analysis

Discussion 0

Correct Answer: D Vote an answer

ISC Information Systems Security Engineering Professional Practice Test - ISSEP Exam Practice Test

Contact Us

Useful Links

Latest Updated