CISSP-ISSEP Premium Bundle

Information Systems Security Engineering Professional Certification Exam

Last update: December 4, 2024

ISC2 CISSP-ISSEP Free Practice Questions

Exam Code: CISSP-ISSEP, Exam Name: Information Systems Security Engineering Professional, Certification Provider: ISC2.

Online CISSP-ISSEP free questions and answers of New Version:

NEW QUESTION 1
In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the participating organizations perform the following tasks? Perform preliminary activities. Examine all relevant technical, security and administrative issues. Form an agreement governing the management, operation, and use of the interconnection.

  • A. Establishing the interconnection
  • B. Disconnecting the interconnection
  • C. Planning the interconnection
  • D. Maintaining the interconnection

Answer: C

NEW QUESTION 2
The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

  • A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • B. An ISSE provides advice on the impacts of system changes.
  • C. An ISSE provides advice on the continuous monitoring of the information system.
  • D. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • E. An ISSO takes part in the development activities that are required to implement system changes.

Answer: BCD

NEW QUESTION 3
What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.

  • A. Basic System Review
  • B. Basic Security Review
  • C. Maximum Analysis
  • D. Comprehensive Analysis
  • E. Detailed Analysis
  • F. Minimum Analysis

Answer: BDEF

NEW QUESTION 4
Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product?

  • A. Information Assurance (IA)
  • B. Statistical process control (SPC)
  • C. Information Protection Policy (IPP)
  • D. Information management model (IMM)

Answer: B

NEW QUESTION 5
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  • A. Security operations
  • B. Continue to review and refine the SSAA
  • C. Change management
  • D. Compliance validation
  • E. System operations
  • F. Maintenance of the SSAA

Answer: ACDEF

NEW QUESTION 6
Which of the following CNSS policies describes the national policy on controlled access protection?

  • A. NSTISSP No. 101
  • B. NSTISSP No. 200
  • C. NCSC No. 5
  • D. CNSSP No. 14

Answer: B

NEW QUESTION 7
What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

  • A. Conduct activities related to the disposition of the system data and objects.
  • B. Combine validation results in DIACAP scorecard.
  • C. Conduct validation activities.
  • D. Execute and update IA implementation plan.

Answer: BCD

NEW QUESTION 8
Which of the following are the benefits of SE as stated by MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.

  • A. It develops work breakdown structures and statements of work.
  • B. It establishes and maintains configuration management of the system.
  • C. It develops needed user training equipment, procedures, and data.
  • D. It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.

Answer: ABC

NEW QUESTION 9
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability?

  • A. MAC I
  • B. MAC II
  • C. MAC IV
  • D. MAC III

Answer: D

NEW QUESTION 10
Which of the following protocols is built into the Web server and browser to encrypt data traveling over the Internet?

  • A. UDP
  • B. SSL
  • C. IPSec
  • D. HTTP

Answer: B

NEW QUESTION 11
Which of the following types of CNSS issuances establishes criteria and assigns responsibilities?

  • A. Advisory memoranda
  • B. Directives
  • C. Instructions
  • D. Policies

Answer: D

NEW QUESTION 12
Risk transference refers to the transfer of risks to a third party, usually for a fee; it creates a contractual relationship for the third party to manage the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?

  • A. Warranties
  • B. Performance bonds
  • C. Use of insurance
  • D. Life cycle costing

Answer: D

NEW QUESTION 13
Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?

  • A. User representative
  • B. DAA
  • C. Certification Agent
  • D. IS program manager

Answer: D

NEW QUESTION 14
Fill in the blank with an appropriate phrase. The ______ process is used for allocating performance and designing the requirements to each function.

  • A. functional allocation

Answer: A

NEW QUESTION 15
Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.

  • A. NIST Special Publication 800-59
  • B. NIST Special Publication 800-60
  • C. NIST Special Publication 800-37A
  • D. NIST Special Publication 800-37
  • E. NIST Special Publication 800-53
  • F. NIST Special Publication 800-53A

Answer: ABDEF

NEW QUESTION 16
Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?

  • A. DTIC
  • B. NSA IAD
  • C. DIAP
  • D. DARPA

Answer: B
