CISSP-ISSEP Practice Questions
221 real CISSP-ISSEP exam questions with expert-verified answers and explanations. Page 5 of 5.
- Question #201 (Risk Management)
  Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each co...
  Tags: DITSCAP, Certification & Accreditation, Post Accreditation, Security Operations
- Question #202 (Security Operations)
  Which of the following email lists is written for technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and work...
  Tags: Cybersecurity communication, Vulnerability management, Threat intelligence, Security awareness
- Question #203 (Systems Development and Acquisition)
  Which of the following tasks obtains the customer agreement in planning the technical effort?
  Tags: Systems Engineering, Customer Agreement, Technical Planning, Development Lifecycle
- Question #204 (Risk Management)
  Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that appl...
  Tags: NIST Special Publications, Certification & Accreditation (C&A), Risk Management Framework (RMF), Information Security Assessment
- Question #205 (Systems Development and Acquisition)
  Which of the following elements are described by the functional requirements task? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Functional Requirements, Requirements Engineering, Systems Development Life Cycle, Requirement Attributes
- Question #206 (Security Planning and Design)
  Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?
  Tags: Information Protection Policy, Security Requirements, ISSE Role, Policy Document
- Question #207 (Security Planning and Design)
  DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels require...
  Tags: MAC Levels, DoD IA Controls, Integrity, Availability
- Question #208 (Governance and Training)
  What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.
  Tags: System owner, Security governance, Security responsibilities, Acquisition security
- Question #209 (Risk Management)
  Which of the following Registration Tasks sets up the business or operational functional description and system identification?
  Tags: System Identification, Functional Description, NIST RMF, Registration Tasks
- Question #210 (Security Planning and Design)
  Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite tr...
  Tags: SEMP, System Analysis, Design Trade-offs, Security Engineering
- Question #211 (Governance and Training)
  Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance...
  Tags: Federal Agencies, National Security Systems (NSS), Information Security Policy, CNSS
- Question #212 (Risk Management)
  Which of the following statements is true about residual risks?
  Tags: Residual Risk, Risk Management Process, Risk Treatment
- Question #213 (Security Planning and Design)
  According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the fo...
  Tags: DoD 8500.2, Information Assurance, IA areas, Security controls
- Question #214 (Governance and Training)
  Which of the following CNSS policies describes the national policy on controlled access protection?
  Tags: CNSS Policies, NSTISSP, Controlled Access Protection, National Security Governance
- Question #215 (Governance and Training)
  Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?
  Tags: Information Security Governance, Corporate Governance, Risk Management
- Question #216 (Systems Development and Acquisition)
  Which of the following principles are defined by the IATF model? Each correct answer represents a complete solution. Choose all that apply.
  Tags: IATF Model, Problem Space, Solution Space, Systems Engineering
- Question #217 (Governance and Training)
  Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure?
  Tags: NIST programs, Research and development, Technology infrastructure, Federal agencies
- Question #218 (Risk Management)
  Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?
  Tags: Risk Acceptance, Residual Risk, Designated Approving Authority (DAA), Authorization Process
- Question #219 (Governance and Training)
  Which of the following assessment methodologies defines a six-step technical security evaluation?
  Tags: FIPS 102, Security Evaluation, Assessment Methodologies, Certification and Accreditation
- Question #220 (Governance and Training)
  What is the MOST critical factor to achieve the goals of a security program?
  Tags: Security program management, Executive support, Security governance, Organizational buy-in
- Question #221 (Security Operations)
  Which of the following is an attacker MOST likely to target to gain privileged access to a system?
  Tags: Attack Vectors, Privilege Escalation, Vulnerability Exploitation, System Resources