CISSP-ISSEP Practice Questions
221 real CISSP-ISSEP exam questions with expert-verified answers and explanations. Page 1 of 5.
- Question #1: Risk Management
  Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information...
  Tags: Security Control Assessment, Assessment Preparation, NIST RMF, Documentation Gathering
- Question #2: Security Operations
  Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?
  Tags: Security Roles, Common Control Provider, Configuration Management, Monitoring
- Question #3: Risk Management
  Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?
  Tags: Certification and Accreditation (C&A), System Authorization, Risk Acceptance, Security Controls
- Question #4: Risk Management
  Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing s...
  Tags: Certification and Accreditation, Accreditation, Certification, Risk Management Framework
- Question #5: Security Planning and Design
  Which of the following protocols is built into the Web server and browser to encrypt data traveling over the Internet?
  Tags: Network Security, Web Security, Encryption, SSL/TLS
- Question #6: Governance and Training
  Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented...
  Tags: Configuration Management, Configuration Identification, Security Baselines, IT Governance
- Question #7: Security Planning and Design
  What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.
  Tags: DIACAP, Certification and Accreditation (C&A), Information Assurance (IA), System Lifecycle
- Question #8: Risk Management
  You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information S...
  Tags: NIST SP 800-37, Risk Management Framework (RMF), Certification & Accreditation (C&A), Federal Information Security
- Question #9: Risk Management
  Which of the following documents is described in the statement below? It is developed along with all processes of the risk management. It contains the results of the qualitative ris...
  Tags: Risk Register, Risk Analysis, Risk Response Planning, Risk Management Process
- Question #10: Risk Management
  Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming into fruition. What individual should...
  Tags: Risk management roles, Risk owner, Risk response execution, Project risk management
- Question #11: Risk Management
  Which of the following refers to a process that is used for implementing information security?
  Tags: Certification and Accreditation, Security Authorization, Security Implementation Process
- Question #12: Security Planning and Design
  In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection,...
  Tags: NIST SP 800-47, Interconnection Life Cycle, Security Controls Implementation, Establishing Interconnection
- Question #13: Governance and Training
  Which of the following tools demands involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior adm...
  Tags: Quality Management, ISO 9001, Executive Leadership, Business Process Integration
- Question #14: Security Planning and Design
  Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?
  Tags: Information Protection Policy, Security Policy, Threat Management, Security Controls
- Question #15: Security Planning and Design
  Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer repres...
  Tags: ISSEP Role, Detailed Security Design, Security Mechanisms, COTS/GOTS Security
- Question #16: Supply Chain Security
  Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that consists of, or is exclusively comprised of, contractors?
  Tags: Program Management, Contractor Management, Supply Chain Security, Roles and Responsibilities
- Question #17: Systems Development and Acquisition
  Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business-related info...
  Tags: Government Agencies, DoD Agencies, Research & Development, Technical Information
- Question #18: Systems Development and Acquisition
  You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements and correctly generates each expected display and report. Which of th...
  Tags: Software testing, Functional testing, Requirements verification, Quality assurance
- Question #19: Systems Development and Acquisition
  You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition pro...
  Tags: Transition planning, System engineering documents, Project management, Deployment planning
- Question #20: Governance and Training
  Which of the following policies describes the national policy on the secure electronic messaging service?
  Tags: National Policy, Secure Messaging, NSTISSP, Information Security Policy
- Question #21: Security Operations
  The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
  Tags: DDoS, Denial of Service, Attack Characteristics, Network Security
- Question #22: Security Planning and Design
  During a fingerprint verification process, which of the following is used to verify identity and authentication?
  Tags: Biometrics, Fingerprint recognition, Authentication, Minutiae
- Question #23: Security Planning and Design
  Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?
  Tags: Role Based Access Control (RBAC), Separation of Duties (SoD), Privilege Aggregation, Access Control
- Question #24: Governance and Training
  Which of the following is required to determine classification and ownership?
  Tags: Data Classification, Data Ownership, Asset Identification, Information Governance
- Question #25: Security Planning and Design
  Which of the following describes the BEST configuration management practice?
  Tags: Configuration Management, Security Baselines, System Hardening, Security Engineering
- Question #26: Risk Management
  What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that ap...
  Tags: DIACAP, IA Controls, Validation, Certification & Accreditation
- Question #27: Governance and Training
  Which of the following memorandums reminds the Federal agencies that they are required by law and policy to establish clear privacy policies for Web activities and to comply with thos...
  Tags: OMB Memorandums, Privacy Policies, Federal Agencies, Web Activity Compliance
- Question #28: Risk Management
  Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to r...
  Tags: Risk Management, Risk Register, Risk Response Planning, Risk Prioritization
- Question #29: Risk Management
  You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well-defined phases. In which of the following pha...
  Tags: NIST SP 800-37, RMF, Security Categorization, Initiation Phase
- Question #30: Systems Development and Acquisition
  You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you t...
  Tags: Systems Engineering, Requirements Analysis, Functional Decomposition, Diagramming
- Question #31: Governance and Training
  Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for add...
  Tags: DITSCAP, Certification & Accreditation, Post-Accreditation, System Life Cycle
- Question #32: Risk Management
  Which of the following Security Control Assessment Tasks evaluates the operational, technical, and management security controls of the information system using the techniques a...
  Tags: Security Control Assessment, NIST RMF, NIST SP 800-53A, Control Evaluation
- Question #33: Systems Development and Acquisition
  Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process...
  Tags: DITSCAP, Certification and Accreditation, Security verification, System lifecycle security
- Question #34: Security Planning and Design
  You work as a Network Administrator for PassGuide Inc. You need to secure the web services of your company in order to have secure transactions. Which of the following will you recomme...
  Tags: Web Security, SSL/TLS, Network Protocols, Secure Transactions
- Question #35: Governance and Training
  Which of the following processes illustrate the study of a technical nature of interest to a focused audience, and consist of interim or final reports on work performed by NIST for extern...
  Tags: NIST, NISTIRs, NIST Publications, Information Security Reports
- Question #36: Governance and Training
  Fill in the blank with an appropriate phrase. __________ seeks to improve the quality of process outputs by identifying and removing the causes of defects and variability in manufa...
  Tags: Six Sigma, Quality Management, Process Improvement, Defect Reduction
- Question #37: Security Planning and Design
  You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what secur...
  Tags: ISSE Model, Security Requirements, Security Planning, SDLC
- Question #38: Governance and Training
  TQM recognizes that the quality of all the processes within an organization contributes to the quality of the product. Which of the following are the most important activities in the To...
  Tags: Total Quality Management, Quality Management, Continuous Improvement
- Question #39: Risk Management
  Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.
  Tags: Residual risk, Risk management, Security controls, Risk mitigation
- Question #40: Security Operations
  Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling computer systems through the Internet?
  Tags: Intrusion Detection System, Threat Detection, Network Security, Security Controls
- Question #41: Security Planning and Design
  Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism?
  Tags: IPSec, Network Security, IETF Standards, OSI Model
- Question #42: Governance and Training
  Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of...
  Tags: DoD Policies, Information Assurance, Policy Implementation, Layered Security
- Question #43: Security Planning and Design
  Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completen...
  Tags: Traceability matrix, Requirements management, Security documentation, Design verification
- Question #44: Risk Management
  The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statem...
  Tags: ISSO responsibilities, ISSE responsibilities, System Authorization, Security lifecycle management
- Question #45: Security Planning and Design
  Fill in the blank with an appr...
  Tags: Netcentricity, Secure interconnection, Distributed systems, System architecture
- Question #46: Systems Development and Acquisition
  Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?
  Tags: Configuration Management, Configuration Status Accounting, Change Tracking, System Lifecycle
- Question #47: Risk Management
  Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
  Tags: DoD Security, Accreditation, SSAA, Information Security Documents
- Question #48: Risk Management
  Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacki...
  Tags: Risk transfer, Risk management techniques, Cyber liability insurance, Information security risk
- Question #49: Governance and Training
  Which of the following responsibilities are executed by the federal program manager?
  Tags: Program management, Federal program responsibilities, Financial oversight, Strategic planning
- Question #50: Governance and Training
  Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Security Program Management, Security Strategy, Top-Down Approach, Bottom-Up Approach