CISSP-ISSEP Practice Questions
221 real CISSP-ISSEP exam questions with expert-verified answers and explanations. Page 2 of 5.
- Question #51 (Governance and Training): Fill in the blank with the appropriate phrase. __________ provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).
  Tags: DoDI 5200.40, SSAA, DIACAP, DoD Authorization
- Question #52 (Governance and Training): Which of the following acts promote a risk-based policy for cost-effective security? Each correct answer represents a part of the solution. Choose all that apply.
  Tags: Legislation, Government Regulations, Risk-based Approach, IT Governance
- Question #53 (Systems Development and Acquisition): Which of the following tasks prepares the technical management plan in planning the technical effort?
  Tags: Technical Management Plan, Systems Engineering, Project Planning, SDLC
- Question #54 (Security Operations): Which of the following NIST Special Publication documents provides a guideline on network security testing?
  Tags: NIST Special Publications, Network Security Testing, Security Assessment, Vulnerability Assessment
- Question #55 (Security Planning and Design): Which of the following Registration Tasks sets up the system architecture description and describes the C&A boundary?
  Tags: RMF, System Registration, C&A Boundary, System Architecture
- Question #56 (Systems Development and Acquisition): Stella works as a system engineer for BlueWell Inc. She wants to identify the performance thresholds of each build. Which of the following tests will help Stella to achieve her tas...
  Tags: Performance testing, Software testing, System development lifecycle, Quality assurance
- Question #57 (Governance and Training): Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthc...
  Tags: NIST programs, Quality management, Performance excellence, Baldrige Award
- Question #58 (Risk Management): Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a p...
  Tags: Risk Response, Opportunity Management, Exploiting
- Question #59 (Systems Development and Acquisition): Which of the following processes provides guidance to the system designers and forms the basis of major events in the acquisition phases, such as testing the products for system int...
  Tags: Operational Scenarios, System Acquisition, System Integration, Systems Engineering
- Question #60 (Governance and Training): The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecomm...
  Tags: NIACAP, Certification & Accreditation, Security Assessment, Security Roles
- Question #61 (Security Planning and Design): Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements?
  Tags: Information Assurance, Security Models, Assurance Requirements, Project Management
- Question #62 (Risk Management): Which of the following NIST documents describes that minimizing negative impact on an organization and a need for a sound basis in decision making are the fundamental reasons organiz...
  Tags: NIST SP 800-30, Risk Management Process, Risk Assessment, Organizational Impact
- Question #63 (Governance and Training): Which of the following roles is also known as the accreditor?
  Tags: Accreditation, Information Security Roles, Designated Approving Authority, Authorization to Operate (ATO)
- Question #64 (Risk Management): In which of the following DIACAP phases is residual risk analyzed?
  Tags: DIACAP, Residual Risk, Risk Management Frameworks, Certification and Accreditation
- Question #65 (Systems Development and Acquisition): Which of the following agencies is responsible for funding the development of many technologies such as computer networking, as well as NLS?
  Tags: DARPA, Technology Funding, Networking History, NLS
- Question #66 (Supply Chain Security): Which of the following organizations is a USG initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and c...
  Tags: NIAP, IT Security Testing, Common Criteria, Government Initiatives
- Question #67 (Risk Management): Risk transference refers to the transfer of risks to a third party, usually for a fee; it creates a contractual relationship for the third party to manage the risk on beha...
  Tags: Risk Management, Risk Transference, Risk Response, Life Cycle Costing
- Question #68 (Risk Management): You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&A...
  Tags: Certification and Accreditation, DITSCAP, NIACAP, C&A Phases
- Question #69 (Systems Development and Acquisition): Fill in the blank with an appropriate phrase. A ____________________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requiremen...
  Tags: Technical Effort, System Development Life Cycle (SDLC), Requirements Engineering, System Engineering
- Question #70 (Risk Management): According to which of the following DoD policies is the implementation of DITSCAP mandatory for all systems that process both DoD classified and unclassified information?
  Tags: DoD Policies, DITSCAP, Certification and Accreditation (C&A), Information Assurance (IA)
- Question #71 (Governance and Training): Which of the following federal laws are related to hacking activities? Each correct answer represents a complete solution. Choose three.
  Tags: Federal Laws, Cybercrime, Legal Compliance, Hacking Statutes
- Question #72 (Systems Development and Acquisition): Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A support?
  Tags: C&A Process, System Authorization, Stakeholder Communication, Registration Tasks
- Question #73 (Security Planning and Design): Which of the following are the most important tasks of the Information Management Plan (IMP)? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Information Management Plan (IMP), Information Protection Policy (IPP), Organizational Planning, Information Governance
- Question #74 (Risk Management): FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, o...
  Tags: FIPS 199, Impact Levels, Security Categorization, Risk Assessment
- Question #75 (Systems Development and Acquisition): The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of th...
  Tags: SEMP, Work Authorization, Change Management, Project Management
- Question #76 (Security Operations): Which of the following departments protects and supports DoD information, information systems, and information networks that are critical to the department and the armed forces...
  Tags: DoD Agencies, Information Protection, Network Security, National Security Systems
- Question #77 (Systems Development and Acquisition): Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronic...
  Tags: NSA IAD, Secure Communications, Trusted Microelectronics, Tamper Protection
- Question #78 (Governance and Training): Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide...
  Tags: Federal Legislation, Information Security Governance, Risk Management Frameworks, Agency Responsibilities
- Question #79 (Risk Management): Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?
  Tags: DITSCAP, Certification & Accreditation (C&A), System Security Authorization Agreement (SSAA), Security Authorization
- Question #80 (Systems Development and Acquisition): Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?
  Tags: Security Standards, TCSEC, Security Control Assessment, Trusted Systems
- Question #81 (Risk Management): What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.
  Tags: NIACAP, Certification and Accreditation, Security Assessment Levels, ISSEP
- Question #82 (Governance and Training): NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc i...
  Tags: NIST SP 800-53A, Security Assessment, Interview Techniques, Assessment Methods
- Question #83 (Systems Development and Acquisition): Fill in the blank with an appropriate phrase. A ________ is an approved build of the product, and can be a single component or a combination of components.
  Tags: Configuration Management, Development Baselines, System Development Life Cycle, Software Engineering
- Question #84 (Risk Management): Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk even...
  Tags: Quantitative Risk Analysis, Risk Financial Quantification, Contingency Reserve, Risk Budgeting
- Question #85 (Risk Management): Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information as...
  Tags: Certification and Accreditation (C&A), Information Assurance, Security Frameworks, NIACAP
- Question #86 (Systems Development and Acquisition): Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?
  Tags: C&A, DITSCAP, Security Assessment, Information System Security
- Question #87 (Governance and Training): Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the q...
  Tags: NIST, Federal Agencies, Standards Development, Information Security Governance
- Question #88 (Systems Development and Acquisition): Fill in the blank with an appropriate phrase. The ____________ helps the customer understand and document the information management needs that support the business or mission.
  Tags: Systems engineering role, Requirements analysis, Information management, Business needs
- Question #89 (Governance and Training): Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security cont...
  Tags: Information Security Standards, ISO 27000 Series, Security Frameworks, Risk Management
- Question #90 (Systems Development and Acquisition): Which of the following certification levels requires the completion of the minimum security checklist, where the system user or an independent certifier can complete the checklist?
  Tags: Certification Levels, Security Checklists, Security Assurance
- Question #91 (Governance and Training): Which of the following cooperative programs carried out by NIST provides a nationwide network of local centers offering technical and business assistance to small manufacturers?
  Tags: NIST Programs, Manufacturing Extension Partnership, Small Business Assistance, Government Programs
- Question #92 (Governance and Training): Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?
  Tags: DITSCAP, C&A, DoD Directives, Security Frameworks
- Question #93 (Systems Development and Acquisition): You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process?
  Tags: ISSE, Security Engineering Process, Requirements Analysis, Information Protection Needs
- Question #94 (Governance and Training): Which of the following is NOT an objective of the security program?
  Tags: Security program, Governance, Security organization, Security education
- Question #95 (Governance and Training): The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibili...
  Tags: CIO Roles, IT Governance, Executive Management, Continuous Monitoring
- Question #96 (Risk Management): Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?
  Tags: Authorization To Operate (ATO), Interim Authorization To Operate (IATO), Assessment and Authorization (A&A), Risk Management Framework (RMF)
- Question #97 (Security Planning and Design): Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected?
  Tags: ISSE Model, Security Planning, Needs Assessment, Information Protection
- Question #98 (Governance and Training): Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data? Each correct answer represents a co...
  Tags: Net-Centric Data Strategy, Data Sharing, Information Management, Data Governance
- Question #99 (Governance and Training): Which of the following acts assigns the Chief Information Officers (CIO) with the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as t...
  Tags: Clinger-Cohen Act, ITMRA, CIO responsibilities, IT Architectures
- Question #100 (Governance and Training): Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy?
  Tags: CNSS Issuances, Policy Implementation, Government Security Standards, Security Governance