CISSP-ISSEP Exam Questions
220 real CISSP-ISSEP exam questions with expert-verified answers and explanations. Page 5 of 5.
- Question #202Security Operations
Which of the following email lists is written for the technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and work...
CISA BulletinsThreat intelligenceVulnerability managementSecurity alerts - Question #203Security Planning and Design
Which of the following tasks obtains the customer agreement in planning the technical effort?
ISSEP TasksCustomer AgreementTechnical PlanningSystems Engineering - Question #204Risk Management
Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that appl...
C&ANIST SP 800-seriesRMFSecurity controls - Question #205Systems Development and Acquisition
Which of the following elements are described by the functional requirements task? Each correct answer represents a complete solution. Choose all that apply.
Functional RequirementsRequirements SpecificationSystems Development - Question #206Security Planning and Design
Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?
Information Protection PolicyISSESecurity ClassificationSecurity Requirements - Question #207Security Planning and Design
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels require...
DoD 8500.2MAC levelsIA controlsIntegrity/Availability - Question #208Governance and Training
What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.
System Owner ResponsibilitiesSecurity ControlsVulnerability AssessmentSystems Acquisition - Question #209Systems Development and Acquisition
Which of the following Registration Tasks sets up the business or operational functional description and system identification?
ISSEP Registration TasksSystem IdentificationFunctional DescriptionSystems Development - Question #210Systems Development and Acquisition
Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite tr...
SEMPSystem Analysistrade-off analysissystems engineering - Question #211Governance and Training
Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance...
CNSSNational security policyFederal governancePolicy frameworks - Question #212Risk Management
Which of the following statements is true about residual risks?
Residual RiskRisk AnalysisSecurity ControlsRisk Assessment - Question #213Security Planning and Design
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the fo...
DoD 8500.2Information Assurance controlsSecurity Design ConfigurationVulnerability Management - Question #214Governance and Training
Which of the following CNSS policies describes the national policy on controlled access protection?
NSTISSP No. 200Controlled Access ProtectionCNSS policyAccess control - Question #215Governance and Training
Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?
ISGInformation Security GovernanceCorporate GovernanceRisk Management - Question #216Systems Development and Acquisition
Which of the following principles are defined by the IATF model? Each correct answer represents a complete solution. Choose all that apply.
IATFProblem spaceSolution spaceSystems engineering - Question #217Governance and Training
Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure?
NIST LaboratoriesTechnology infrastructureResearch programsStandards development - Question #218Risk Management
Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?
Residual RiskRisk AcceptanceDesignated Approving AuthorityAuthorization - Question #219Risk Management
Which of the following assessment methodologies defines a six-step technical security evaluation?
FIPS 102Assessment methodologyTechnical security evaluationSecurity frameworks - Question #220Governance and Training
What is the MOST critical factor to achieve the goals of a security program?
Executive SupportSecurity GovernanceProgram Oversight - Question #221Security Operations
Which of the following is an attacker MOST likely to target to gain privileged access to a system?
Privilege EscalationSystem ResourcesAttack VectorsVulnerability Exploitation