CISSP-ISSEP Practice Questions
221 real CISSP-ISSEP exam questions with expert-verified answers and explanations. Page 4 of 5.
- Question #151 (Security Planning and Design)
  DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels require...
  Tags: DoD MAC levels, Information Assurance, Integrity, Availability
- Question #152 (Risk Management)
  There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?
  Tags: Risk response, Negative risk, Risk treatment
- Question #153 (Systems Development and Acquisition)
  You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documen...
  Tags: Systems Engineering, CONOPS, Stakeholder Communication, System Characteristics
- Question #154 (Security Operations)
  Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct...
  Tags: Government Agencies, DoD Infrastructure, Command and Control (C2), Enterprise Architecture
- Question #155 (Governance and Training)
  A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of poli...
  Tags: Security Policy, Policy Types, Governance, Regulatory Compliance
- Question #156 (Governance and Training)
  Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?
  Tags: FISMA, US Federal Law, Information Security Governance, Regulatory Compliance
- Question #157 (Risk Management)
  Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?
  Tags: CNSS Policies, NIACAP, Certification and Accreditation, Government Security Regulations
- Question #158 (Governance and Training)
  Which of the following terms describes the measures that protect and support information and information systems by ensuring their availability, integrity, authentication, confiden...
  Tags: Information Assurance (IA), Security Principles, AICAN, Information Protection
- Question #159 (Security Planning and Design)
  Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authenticatio...
  Tags: Information Assurance, Security Models, Five Pillars of IA, CIA-AN
- Question #160 (Systems Development and Acquisition)
  You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tool...
  Tags: Information Management Model, Systems Analysis, Requirements Engineering, Ambiguity Reduction
- Question #161 (Risk Management)
  The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecomm...
  Tags: NIACAP, Accreditation, Certification and Accreditation (C&A), Information Assurance
- Question #162 (Risk Management)
  FIPS 199 defines three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of loss of confidentiality, integrity, or ava...
  Tags: FIPS 199, Impact Levels, Security Categorization, CIA Triad
- Question #163 (Governance and Training)
  Which of the following individuals are part of the senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing secur...
  Tags: Security Roles, Senior Management Responsibilities, Authorization Process, Organizational Governance
- Question #164 (Governance and Training)
  Which of the following laws is the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?
  Tags: Cybersecurity Law, Computer Crime, Malicious Code, Legal Compliance
- Question #165 (Governance and Training)
  Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of pers...
  Tags: DoD IA Policy, Information Assurance, Defense-in-depth, DoD Directives
- Question #166 (Systems Development and Acquisition)
  Which of the following are the functional analysis and allocation tools? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Systems Engineering, Functional Analysis, Functional Allocation, Engineering Diagrams
- Question #167 (Governance and Training)
  Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard?
  Tags: FIPS standards, Cryptography types (I, II, III), FIPS 185, Government crypto policy
- Question #168 (Systems Development and Acquisition)
  Which of the following are the benefits of SE as stated by MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Systems Engineering, MIL-STD-499B, Configuration Management, Work Breakdown Structure
- Question #169 (Governance and Training)
  Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into productio...
  Tags: FISMA, Certification and Accreditation (C&A), Assessment and Authorization (A&A), Government Compliance
- Question #170 (Systems Development and Acquisition)
  John works as a security engineer for BlueWell Inc. He wants to identify the different functions that the system will need to perform to meet the documented mission/business needs....
  Tags: Functional requirements, System requirements, Requirements analysis
- Question #171 (Security Planning and Design)
  Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system?
  Tags: System Security Requirements, Data Classification, Information Security Planning, System Registration
- Question #172 (Systems Development and Acquisition)
  Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all...
  Tags: SDLC, Deployment Phase, Security Controls, Certification and Accreditation
- Question #173 (Governance and Training)
  Which of the following types of CNSS issuances establishes criteria, and assigns responsibilities?
  Tags: CNSS issuances, Security Policy, Security Governance, Organizational Documents
- Question #174 (Security Planning and Design)
  Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified in...
  Tags: Cryptography Types, NSA Certification, Classified Information Protection, Government Cryptography
- Question #175 (Risk Management)
  Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
  Tags: Risk Management Process, Risk Identification, Risk Control
- Question #176 (Risk Management)
  You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activ...
  Tags: Risk monitoring, Risk control, Project risk management, Change requests
- Question #177 (Risk Management)
  Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring process? Each correct...
  Tags: Continuous Monitoring, Certification and Accreditation, Risk Management Framework, Security Operations
- Question #178 (Systems Development and Acquisition)
  Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronic...
  Tags: Government Agencies, Secure Communications, Trusted Hardware, Information Assurance
- Question #179 (Security Operations)
  FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF...
  Tags: FITSAF, Security Assessment Frameworks, Control Testing, Security Assessment Levels
- Question #180 (Security Operations)
  Which of the following is a type of security management for computers and networks in order to identify security breaches?
  Tags: Intrusion Detection System (IDS), Security Monitoring, Breach Detection, Network Security
- Question #181 (Security Planning and Design)
  Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through t...
  Tags: Firewall types, Stateful inspection, Network security, Packet filtering
- Question #182 (Governance and Training)
  Which of the following federal laws is designed to protect computer data from theft?
  Tags: Federal Laws, Computer Crime, Data Protection, CFAA
- Question #183 (Systems Development and Acquisition)
  Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?
  Tags: Software Release, RTM, SDLC, Quality Assurance
- Question #184 (Systems Development and Acquisition)
  Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration managem...
  Tags: Configuration Management, Change Management, SDLC
- Question #185 (Risk Management)
  Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?
  Tags: C&A process, RMF, Information system owner, Roles and responsibilities
- Question #186 (Systems Development and Acquisition)
  Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet applicat...
  Tags: Common Data Security Architecture (CDSA), Security Architecture, Application Security, Data Security
- Question #187 (Security Operations)
  Which of the following protocols is used to establish a secure terminal to a remote network device?
  Tags: SSH, Secure Remote Access, Network Protocols
- Question #188 (Systems Development and Acquisition)
  Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the...
  Tags: System interfaces, External interfaces, System definition, System documentation
- Question #189 (Governance and Training)
  Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) informat...
  Tags: NIST Special Publications, Information Security Guidelines, Controlled Unclassified Information (CUI), Federal Information Security
- Question #190 (Risk Management)
  Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also c...
  Tags: DAA, Authorizing Official, Risk Acceptance, Authorization to Operate
- Question #191 (Security Planning and Design)
  Which of the following rated systems of the Orange book has mandatory protection of the TCB?
  Tags: Orange Book, TCSEC, Mandatory Access Control, Trusted Computing Base
- Question #192 (Systems Development and Acquisition)
  Which of the following categories of system specification describes the technical requirements that cover a service, which is performed on a component of the system?
  Tags: System specifications, Process specification, Requirements engineering
- Question #193 (Risk Management)
  Which of the following DITSCAP/NIACAP model phases is used to show the required evidence to support the DAA in the accreditation process and concludes in an Approval To Operate (ATO)?
  Tags: Accreditation Process, Approval To Operate (ATO), DITSCAP/NIACAP, Security Frameworks
- Question #194 (Systems Development and Acquisition)
  Which of the following is a 1996 United States federal law, designed to improve the way the federal government acquires, uses, and disposes of information technology?
  Tags: Clinger-Cohen Act, Federal IT Acquisition, Government Regulations, IT Governance
- Question #195 (Risk Management)
  An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official? Each correct answer represents a complete solution. Choose all that...
  Tags: Authorizing Official (AO), Risk Management Framework (RMF), Authorization to Operate (ATO), Security Governance
- Question #196 (Security Planning and Design)
  Which of the following areas of an information system, as separated by the Information Assurance Framework, is a collection of local computing devices, regardless of physical location, th...
  Tags: Information Assurance Frameworks, Enclaves, Network Segmentation, Security Zones
- Question #197 (Systems Development and Acquisition)
  Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?
  Tags: C&A / RMF, Roles and Responsibilities, Information System Program Manager, System Life Cycle
- Question #198 (Risk Management)
  In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represen...
  Tags: FIPS 199, Security Categorization, Impact Levels, Certification & Accreditation
- Question #199 (Governance and Training)
  Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence infor...
  Tags: National Security Agency, Intelligence Community, Information Assurance, Federal Agencies
- Question #200 (Security Planning and Design)
  Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address?
  Tags: Firewall types, Packet filtering, OSI model, Network security
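Questions #181 and #200 contrast the two firewall types by how they decide on a packet: a packet filter looks only at the header fields of the packet in front of it (interface, addresses, ports), while a stateful-inspection firewall also remembers which connections it has already seen. The following example is added here to make that difference concrete; it is not part of the practice-question page or its answer explanations. It implements a toy version of each filter and runs the same three constructed packets through both. The addresses, ports, rule set and packets are all made up for illustration.

```python
"""Stateless packet filter vs. stateful inspection, on constructed packets.

Added example for the two firewall questions above (#181, #200); it is not
part of the practice-question page.  Addresses, ports, rules and packets are
all constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrives on: "inside" or "outside"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag
    ack: bool = False   # TCP ACK flag


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule; a field of None means 'match any'."""
    action: str                     # "allow" or "deny"
    iface: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        pairs = (
            (self.iface, p.iface), (self.src, p.src), (self.dst, p.dst),
            (self.sport, p.sport), (self.dport, p.dport),
        )
        return all(want is None or want == got for want, got in pairs)


def stateless_filter(rules: List[Rule], p: Packet) -> str:
    """Packet-filtering firewall: first matching rule wins, default deny.
    Only the header fields of this one packet are consulted."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFilter:
    """Stateful-inspection firewall: remembers connections opened from the
    inside and admits inbound packets only if they belong to one of them."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules      # consulted for *new* outbound connections only
        self.flows: Set[Tuple[str, int, str, int]] = set()  # (in_ip, in_port, out_ip, out_port)

    def process(self, p: Packet) -> str:
        if p.iface == "inside":
            key = (p.src, p.sport, p.dst, p.dport)
            if key in self.flows:
                return "allow"              # part of an established flow
            # a new connection must start with a bare SYN and be permitted by policy
            if p.syn and not p.ack and stateless_filter(self.rules, p) == "allow":
                self.flows.add(key)
                return "allow"
            return "deny"
        # outside -> inside is the reply direction, so swap the tuple
        key = (p.dst, p.dport, p.src, p.sport)
        if key in self.flows and not (p.syn and not p.ack):
            return "allow"                  # reply to a flow we opened
        return "deny"                       # nothing inside opened this flow


def demo() -> Dict[str, Tuple[str, str]]:
    """Run the same three packets through both filters.
    Returns {name: (stateless decision, stateful decision)}."""
    # Policy: inside hosts may open HTTPS anywhere.  The stateless variant also
    # needs a standing inbound rule so that web servers' replies (source port 443)
    # can come back; that rule is the hole the third packet exploits.
    outbound = [Rule("allow", iface="inside", dport=443)]
    stateless_rules = outbound + [Rule("allow", iface="outside", sport=443)]
    stateful = StatefulFilter(outbound)

    packets = {
        # inside client opens a connection to a web server
        "outbound_syn": Packet("inside", "10.0.0.5", 40000, "203.0.113.10", 443, syn=True),
        # the server's SYN-ACK reply
        "server_reply": Packet("outside", "203.0.113.10", 443, "10.0.0.5", 40000, syn=True, ack=True),
        # attacker sets source port 443 to reach SSH on the inside host
        "spoofed_from_443": Packet("outside", "198.51.100.7", 443, "10.0.0.5", 22, syn=True),
    }
    return {
        name: (stateless_filter(stateless_rules, p), stateful.process(p))
        for name, p in packets.items()
    }


if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:18s} stateless={stateless:5s} stateful={stateful}")
```

The third packet is the point of the exercise: with only header fields to go on, the packet filter cannot tell a web server's reply from an attacker who chose source port 443, so its standing "allow inbound from port 443" rule lets the SSH probe through. The stateful filter never needed that rule, because it admits inbound traffic on the strength of the connection it recorded when the inside host sent its SYN, and the probe matches no recorded connection.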