CISSP-ISSEP Practice Questions
221 real CISSP-ISSEP exam questions with expert-verified answers and explanations. Page 3 of 5.
- Question #101: Systems Development and Acquisition
  The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the foll...
  CONOPS, System Documentation, Operational Planning, Security Engineering
- Question #102: Systems Development and Acquisition
  Which of the following processes describes the elements such as quantity, quality, coverage, timelines, and availability, and categorizes the different functions that the system wi...
  Requirements engineering, Functional requirements, System specification, Business needs analysis
- Question #103: Governance and Training
  Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels?
  DoD Policies, Information Assurance, IA Controls, MAC Levels
- Question #104: Risk Management
  Fill in the blank with an appropriate phrase. _________________ is used to verify and accredit systems by making a standard process, set of activities, general tasks, and managemen...
  Certification and Accreditation, DITSCAP, NIACAP, Information Assurance
- Question #105: Security Planning and Design
  Fill in the blank with an appropriate phrase. The ______________ process is used for allocating performance and designing the requirements to each function.
  functional allocation, requirements engineering, system design, performance allocation
- Question #106: Security Planning and Design
  Which of the following tasks describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project success...
  project management, scope management, project planning, project initiation
- Question #107: Risk Management
  System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the diffe...
  System Authorization Process, Certification and Accreditation (C&A), Risk Management Framework (RMF), Authorization Phases
- Question #108: Governance and Training
  Which of the following CNSS policies describes the national policy on securing voice communications?
  CNSS policies, NSTISSP, Voice communications security, National policy
- Question #109: Risk Management
  Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?
  NIST SP 800-37, Risk Management Framework, Security Accreditation, Residual Risk
- Question #110: Risk Management
  Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.
  Certification and Accreditation (C&A), Risk Management Framework (RMF), Security Authorization, Information System Lifecycle
- Question #111: Systems Development and Acquisition
  Which of the following DITSCAP/NIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players document...
  DITSCAP, NIACAP, Certification & Accreditation, Verification
- Question #112: Security Planning and Design
  Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.
  Email security, PGP, S/MIME, Cryptographic protocols
- Question #113: Governance and Training
  Which of the following memorandums directs the Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing it?
  OMB Memorandums, Privacy Policy, Government Regulations, Web Privacy
- Question #114: Systems Development and Acquisition
  Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system?
  System Specifications, Requirements Engineering, System Documentation
- Question #115: Security Planning and Design
  You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirements are that your solution must use the RSA algorithm. W...
  Email encryption, S/MIME, RSA algorithm, Hybrid cryptography
- Question #116: Security Planning and Design
  Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of whi...
  Trusted Computing Base (TCB), Security Architecture, System Security, Security Controls
- Question #117: Governance and Training
  A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required...
  Security Policy, Policy Design, Security Governance, Risk Management
- Question #118: Governance and Training
  Which of the following organizations assists the President in overseeing the preparation of the federal budget and to supervise its administration in Executive Branch agencies?
  OMB, Federal Budget, Government Oversight, Executive Branch
- Question #119: Risk Management
  Which of the following describes a residual risk as the risk remaining after a risk mitigation has occurred?
  Residual Risk, Risk Mitigation, DIACAP, Certification and Accreditation
- Question #120: Systems Development and Acquisition
  Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive function standard, and break the higher-level functions into lower...
  Systems Engineering, Functional Analysis, Requirements Decomposition, System Development Life Cycle
- Question #121: Systems Development and Acquisition
  Fill in the blank with an appropriate phrase. The ______________ is the process of translating system requirements into detailed function criteria.
  Functional Analysis, System Requirements, Systems Development
- Question #122: Risk Management
  Which of the CNSS policies describes the national policy on certification and accreditation of national security telecommunications and information systems?
  CNSS Policies, Certification and Accreditation (C&A), National Security Systems, Information Assurance
- Question #123: Systems Development and Acquisition
  Which of the following cooperative programs carried out by NIST speeds up the development of modern technologies for broad, national benefit by co-funding research and development...
  NIST programs, Technology development, Government partnerships, Research and Development
- Question #124: Governance and Training
  The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series? Each correct answer rep...
  DoD 8500, Information Assurance (IA), Security Objectives, Policy Frameworks
- Question #125: Security Planning and Design
  Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, un...
  Cryptography Types, FIPS 185, NSA Standards, Government Information Security
- Question #126: Risk Management
  Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that appl...
  DIAP, Information Readiness Assessment, Vulnerability Analysis, IA Requirements
- Question #127: Systems Development and Acquisition
  The functional analysis process is used for translating system requirements into detailed function criteria. Which of the following are the elements of the functional analysis process?...
  Functional Analysis, System Requirements, Systems Engineering, Design Principles
- Question #128: Governance and Training
  Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate com...
  Computer Law, Cybercrime Legislation, CFAA
- Question #129: Security Planning and Design
  In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47 do the participating organizations perform the following tasks: Perform preliminary...
  NIST SP 800-47, Interconnection Security, Security Agreements, System Interconnection Lifecycle
- Question #130: Governance and Training
  Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?
  DITSCAP, Certification and Accreditation, Security Validation, System Authorization
- Question #131: Security Planning and Design
  Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or trans...
  Information Security Concepts, Definitions, CIA Triad, Information Systems Security
- Question #132: Risk Management
  Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk r...
  Risk Management, Risk Response, Corrective Action, Project Risk
- Question #133: Governance and Training
  Which of the following CNSS policies describes the national policy on the use of cryptomaterial by activities operating in high-risk environments?
  CNSS Policies, Cryptomaterial Usage, National Policy, High Risk Environments
- Question #134: Systems Development and Acquisition
  Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacit...
  SEMP, Project Constraints, Systems Engineering, Security Engineering Management
- Question #135: Risk Management
  Which of the following certification levels requires the completion of the minimum security checklist and more in-depth, independent analysis?
  Security Certification Levels, Security Assessment, Independent Validation, Risk Management Framework
- Question #136: Systems Development and Acquisition
  Which of the following individuals reviews and approves project deliverables from a QA perspective?
  Quality assurance, Project roles, Deliverable review, System development process
- Question #137: Governance and Training
  Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology syst...
  OMB Memorandums, Security Governance, IT Investment, Federal Regulations
- Question #138: Governance and Training
  Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specif...
  NIST SP 800-26, Security Assessment, Compliance Evaluation, Information System Security
- Question #139: Security Planning and Design
  Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security cont...
  NIST SP 800-53, Security Controls, Federal Standards, Control Families
- Question #140: Systems Development and Acquisition
  Which of the following does the acronym RTM stand for?
  Requirements Traceability Matrix, Project Management, Requirements Management, SDLC
- Question #141: Risk Management
  Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accred...
  Roles and Responsibilities, Information System Owner, Accreditation, Security Monitoring
- Question #142: Systems Development and Acquisition
  Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming p...
  Statistical process control, Quality control, Process monitoring
- Question #143: Governance and Training
  Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?
  DoD Directives, Automation Resources, Management Manuals, Federal Compliance
- Question #144: Risk Management
  Phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in Phase 3? Each correct answer represents a...
  Risk Management Framework, Risk Mitigation, Security Controls, RMF Phases
- Question #145: Security Planning and Design
  Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used?
  System Software, Operating Systems, Database Management Systems, Software Applications
- Question #146: Security Operations
  Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the inf...
  Configuration Management, NIST RMF, Continuous Monitoring, Information System Changes
- Question #147: Governance and Training
  Which of the following types of CNSS issuances establishes or describes policy and programs, provides authority, or assigns responsibilities?
  CNSS issuances, CNSS Directives, Information Security Governance
- Question #148: Governance and Training
  Which of the following are the subtasks of the Define Life-Cycle Process Concepts task? Each correct answer represents a complete solution. Choose all that apply.
  Life-cycle processes, Process definition, Program management elements, ISSEP concepts
- Question #149: Governance and Training
  You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confi...
  Information Assurance, Security Principles, Availability, Integrity, Confidentiality
- Question #150: Security Operations
  Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
  Security controls, Corrective controls, Incident response, Damage limitation