CISSP-ISSEP Exam Questions
220 real CISSP-ISSEP exam questions with expert-verified answers and explanations. Page 1 of 5.
- Question #1Risk Management
Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information...
Security control assessmentAssessment planningDocumentationNIST frameworks - Question #2Security Operations
Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?
Configuration ManagementNIST RMF RolesCommon ControlsSecurity Operations - Question #3Risk Management
Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?
Certification and AccreditationSystem ApprovalSecurity ControlsRisk Acceptance - Question #4Risk Management
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing s...
Certification and Accreditation (C&A)AccreditationCertificationRisk Management Framework (RMF) - Question #5Security Planning and Design
Which of the following protocols is built in the Web server and browser to encrypt data traveling over the Internet?
Web securityNetwork protocolsEncryptionSSL/TLS - Question #6Systems Development and Acquisition
Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented...
Configuration ManagementConfiguration IdentificationSystem Security EngineeringSecurity Baselines - Question #7Risk Management
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.
DIACAPCertification and AccreditationInformation AssuranceProcess Planning - Question #8Risk Management
You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information S...
NIST PublicationsRisk Management Framework (RMF)Certification & Accreditation (C&A)Federal Information Security - Question #9Risk Management
Which of the following documents is described in the statement below It is developed along with all processes of the risk management. It contains the results of the qualitative ris...
Risk RegisterRisk Management ProcessQualitative Risk AnalysisQuantitative Risk Analysis - Question #10Risk Management
Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming into fruition. What individual should...
Risk ManagementRisk ResponseRisk OwnershipProject Roles - Question #11Governance and Training
Which of the following refers to a process that is used for implementing information security?
Certification and Accreditation (C&A)Information Security GovernanceSystem Authorization - Question #12Systems Development and Acquisition
In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection,...
NIST SP 800-47Interconnection life cycleSecurity controls implementationNetwork security - Question #13Governance and Training
Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior adm...
Quality ManagementISO 9001Executive LeadershipBusiness Integration - Question #14Governance and Training
Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?
Information Protection PolicySecurity DocumentationThreatsSecurity Controls - Question #15Security Planning and Design
Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer repres...
Security DesignISSEP RoleSecurity EngineeringCOTS/GOTS - Question #16Governance and Training
Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that consists of, or be exclusively comprised of contractors?
Program ManagementRoles and ResponsibilitiesContractor ManagementOversight - Question #17Systems Development and Acquisition
Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business related info...
Government AgenciesDoDResearch & DevelopmentTechnology Innovation - Question #18Systems Development and Acquisition
You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of th...
Functional testingSoftware testingRequirements verificationSystem development life cycle - Question #19Systems Development and Acquisition
You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition pro...
Transition planningSystems engineering documentationProject managementSystem lifecycle - Question #20Governance and Training
Which of the following policies describes the national policy on the secure electronic messaging service?
NSTISSPElectronic Messaging SecurityNational Policy - Question #21Security Operations
The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
DDoS attacksNetwork securityThreat detectionAttack characteristics - Question #22Security Planning and Design
During a fingerprint verification process, which of the following is used to verify identity and authentication?
BiometricsFingerprint authenticationMinutiaeAuthentication mechanisms - Question #23Security Planning and Design
Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?
Role-Based Access Control (RBAC)Separation of Duties (SoD)Privilege AggregationAccess Control - Question #24Governance and Training
Which of the following is required to determine classification and ownership?
Data ClassificationData OwnershipAsset IdentificationInformation Governance - Question #25Security Operations
Which of the following describes the BEST configuration management practice?
Configuration ManagementSecurity BaselinesSystem HardeningSecurity Best Practices - Question #26Risk Management
What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that ap...
DIACAPIA ControlsValidationImplementation - Question #27Governance and Training
Which of the following memorandums reminds the Federal agencies that it is required by law and policy to establish clear privacy policies for Web activities and to comply with thos...
OMB MemorandumsPrivacy PolicyFederal AgenciesWeb Activities - Question #28Risk Management
Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to r...
Risk Management ProcessRisk RegisterRisk Response PlanningRisk Prioritization - Question #29Risk Management
You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well defined phases. In which of the following pha...
NIST SP 800-37Risk Management Framework (RMF)Security CategorizationCertification & Accreditation (C&A) - Question #30Systems Development and Acquisition
You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you t...
System requirementsFunctional decompositionModeling diagramsSystems engineering - Question #31Security Operations
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for add...
DITSCAPCertification and AccreditationContinuous MonitoringSystem Life Cycle - Question #32Risk Management
Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques a...
Security Control AssessmentNIST RMFControl EvaluationAssessment Tasks - Question #33Systems Development and Acquisition
The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process...
DITSCAPCertification & Accreditation (C&A)Security VerificationSystem Development Life Cycle (SDLC) Security - Question #34Security Planning and Design
You work as a Network Administrator for PassGuide Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recomme...
Web securitySSL/TLSSecure transactionsSecurity protocols - Question #35Governance and Training
Which of the following processes illustrate the study of a technical nature of interest to focused audience, and consist of interim or final reports on work made by NIST for extern...
NIST PublicationsNISTIRsInformation SourcesGovernment Standards - Question #36Governance and Training
Fill in the blank with an appropriate phrase. __________ seeks to improve the quality of process outputs by identifying and removing the causes of defects and variability in manufa...
Six SigmaProcess ImprovementQuality ManagementDefect Reduction - Question #37Security Planning and Design
You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what secur...
ISSE modelSecurity requirementsSecurity engineeringSDLC phases - Question #38Governance and Training
TQM recognizes that quality of all the processes within an organization contribute to the quality of the product. Which of the following are the most important activities in the To...
Total Quality Management (TQM)Quality AssuranceProcess ImprovementOrganizational Quality - Question #39Risk Management
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.
residual riskrisk managementsecurity controlsrisk mitigation - Question #40Security Operations
Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling of computer systems through the Internet?
Intrusion Detection SystemsSecurity MonitoringDetection MechanismsNetwork Security - Question #41Security Planning and Design
Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism?
IPSecNetwork SecurityIETF StandardsOSI Model - Question #42Governance and Training
Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of...
DoD PoliciesInformation Assurance (IA)Policy ImplementationDoD 8500.2 - Question #43Systems Development and Acquisition
Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completen...
Traceability matrixRequirements managementSystem documentationSecurity baselines - Question #44Governance and Training
The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statem...
ISSO rolesISSE rolesSystem authorizationSecurity advisory - Question #45Security Planning and Design
For interactive and self-paced preparation of exam ISSEP, try our practice exams. Practice exams also include self assessment and reporting features! Fill in the blank with an appr...
Netcentric ArchitectureNetwork Design PrinciplesSecure InterconnectionDistributed Systems - Question #46Security Operations
Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?
Configuration ManagementChange TrackingVersion ControlSystem Integrity - Question #47Systems Development and Acquisition
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
DoD SecurityAccreditationC&A (Certification & Accreditation)Information Security Documentation - Question #48Risk Management
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacki...
Risk transferInsuranceRisk management techniquesInformation security risks - Question #49Governance and Training
Which of the following responsibilities are executed by the federal program manager?
Program ManagementFederal Program ManagerRoles and ResponsibilitiesFinancial Oversight - Question #50Governance and Training
Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.
Security programProgram developmentSecurity strategyManagement approaches