The Actual Exam Version included actual exam questions verified by IT Experts. We verified questions and updated frequently each month and also based on members’ feedback to keep updating with the real exam. We are offering money back immediately if questions in our Actual Exam Version do not appear in your exam. Highly recommend you take the Actual Exam Version then go to the exam as soon as possible.
CISSP-ISSEP Information Systems Security Engineering Professional Actual Exam
QUESTION NO: 31
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process
Each correct answer represents a complete solution. Choose all that apply.
A. Develop DIACAP strategy.
B. Initiate IA implementation plan.
C. Conduct validation activity.
D. Assemble DIACAP team.
E. Register system with DoD Component IA Program.
F. Assign IA controls.
QUESTION NO: 32
You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems
A. NIST Special Publication 800-59
B. NIST Special Publication 800-37
C. NIST Special Publication 800-60
D. NIST Special Publication 800-53
QUESTION NO: 33
Which of the following documents is described in the statement below It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.
A. Risk management plan
B. Project charter
C. Quality management plan
D. Risk register
QUESTION NO: 34
Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming into fruition. What individual should respond to the risk with the pre planned risk response
A. Project sponsor
B. Risk owner
D. Subject matter expert
QUESTION NO: 35
Which of the following refers to a process that is used for implementing information security
A. Classic information security model
B. Certification and Accreditation (C&A)
C. Information Assurance (IA)
D. Five Pillars model
QUESTION NO: 36
In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls
A. Establishing the interconnection
B. Planning the interconnection
C. Disconnecting the interconnection
D. Maintaining the interconnection
QUESTION NO: 37
Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators
A. ISO 90012000
D. Six Sigma
QUESTION NO: 38
Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats
A. System Security Context
B. Information Protection Policy (IPP)
QUESTION NO: 39
Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document Each correct answer represents a complete solution. Choose all that apply.
A. It identifies the information protection problems that needs to be solved.
B. It allocates security mechanisms to system security design elements.
C. It identifies custom security products.
D. It identifies candidate commercial off-the-shelf (COTS)government off-the-shelf (GOTS) security products.
QUESTION NO: 40
Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that consists of, or be exclusively comprised of contractors
A. Quality Assurance Manager
B. Senior Analyst
C. System Owner
D. Federal program manager
QUESTION NO: 41
Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business related information available today
QUESTION NO: 42
You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task
A. Functional test
B. Reliability test
C. Performance test
D. Regression test
QUESTION NO: 43
You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition process
A. Configuration management plan
B. Transition plan
C. Systems engineering management plan (SEMP)
D. Acquisition plan
QUESTION NO: 44
Which of the following policies describes the national policy on the secure electronic messaging service?
A. NSTISSP No. 11
B. NSTISSP No. 7
C. NSTISSP No. 6
D. NSTISSP No. 101
QUESTION NO: 45
Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management
A. Computer Misuse Act
B. Clinger-Cohen Act
D. Lanham Act
QUESTION NO: 46
Which of the following principles are defined by the IATF model Each correct answer represents a complete solution. Choose all that apply.
A. The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.
B. The problem space is defined by the customer’s mission or business needs.
C. The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.
D. Always keep the problem and solution spaces separate.
QUESTION NO: 47
Which of the following cooperative programs carried out by NIST conducts research to advance the nation’s technology infrastructure
A. Manufacturing Extension Partnership
B. NIST Laboratories
C. Baldrige National Quality Program
D. Advanced Technology Program
QUESTION NO: 48
Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system
A. System Owner
B. Information Systems Security Officer (ISSO)C. Designated Approving Authority (DAA)
D. Chief Information Security Officer (CISO)
QUESTION NO: 49
Which of the following assessment methodologies defines a six-step technical security evaluation
C. FIPS 102
QUESTION NO: 50
What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the
DIACAP process Each correct answer represents a complete solution. Choose all that apply.
A. Conduct activities related to the disposition of the system data and objects.
B. Combine validation results in DIACAP scorecard.
C. Conduct validation activities.
D. Execute and update IA implementation plan.
QUESTION NO: 51
Which of the following memorandums reminds the Federal agencies that it is required by law and policy to establish clear privacy policies for Web activities and to comply with those policies
A. OMB M-01-08
B. OMB M-03-19
C. OMB M-00-07
D. OMB M-00-13
QUESTION NO: 52
Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created
A. The level of detail must define exactly the risk response for each identified risk.
B. The level of detail is set of project risk governance.
C. The level of detail is set by historical information.
D. The level of detail should correspond with the priority ranking.
QUESTION NO: 53
You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well defined phases. In which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur
A. Continuous Monitoring
C. Security Certification
D. Security Accreditation
QUESTION NO: 54
You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram
A. Activity diagram
B. Functional flow block diagram (FFBD)
C. Functional hierarchy diagram
D. Timeline analysis diagram
QUESTION NO: 55
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle
A. Phase 1, Definition
B. Phase 3, Validation
C. Phase 4, Post Accreditation Phase
D. Phase 2, Verification
QUESTION NO: 56
Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed
A. Security Control Assessment Task 3
B. Security Control Assessment Task 1
C. Security Control Assessment Task 4
D. Security Control Assessment Task 2
QUESTION NO: 57
The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase Each correct answer represents a complete solution. Choose all that apply.
A. Assessment of the Analysis Results
B. Certification analysis
D. System development
E. Configuring refinement of the SSAA
QUESTION NO: 58
You work as a Network Administrator for PassGuide Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security
QUESTION NO: 59
Which of the following processes illustrate the study of a technical nature of interest to focused audience, and consist of interim or final reports on work made by NIST for external sponsors, including government and non-government sponsors
A. Federal Information Processing Standards (FIPS)
B. Special Publication (SP)
C. NISTIRs (Internal Reports)