ISC2 CISSP-ISSEP Free Practice Questions

NEW QUESTION 1
Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation

• A. Computer Fraud and Abuse Act
• B. Government Information Security Reform Act (GISRA)
• C. Federal Information Security Management Act (FISMA)
• D. Computer Security Act

Answer: B

NEW QUESTION 2
Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task

• A. Security Certification
• B. Security Accreditation
• C. Initiation
• D. Continuous Monitoring

Answer: D

NEW QUESTION 3
FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals

• A. Moderate
• B. Medium
• C. High
• D. Low

Answer: D

NEW QUESTION 4
Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system

• A. Process specification
• B. Product specification
• C. Development specification
• D. System specification

Answer: D

NEW QUESTION 5
You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you to perform the above task

• A. PERT Chart
• B. Gantt Chart
• C. Functional Flow Block Diagram
• D. Information Management Model (IMM)

Answer: D

NEW QUESTION 6
According to which of the following DoD policies, the implementation of DITSCAP is mandatory for all the systems that process both DoD classified and unclassified information?

• A. DoD 8500.2
• B. DoDI 5200.40
• C. DoD 8510.1-M DITSCAP
• D. DoD 8500.1 (IAW)

Answer: D

NEW QUESTION 7
Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data Each correct answer represents a complete solution. Choose all that apply.

• A. Understandability
• B. Visibility
• C. Interoperability
• D. Accessibility

Answer: BD

NEW QUESTION 8
John works as a security engineer for BlueWell Inc. He wants to identify the different functions that the system will need to perform to meet the documented missionbusiness needs. Which of the following processes will John use to achieve the task

• A. Modes of operation
• B. Performance requirement
• C. Functional requirement
• D. Technical performance measures

Answer: C

NEW QUESTION 9
The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer Each correct answer represents a complete solution. Choose all that apply.

• A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
• B. Preserving high-level communications and working group relationships in an organization
• C. Establishing effective continuous monitoring program for the organization
• D. Facilitating the sharing of security risk-related information among authorizing officials

Answer: ABC

NEW QUESTION 10
Which of the following are the subtasks of the Define Life-Cycle Process Concepts task Each correct answer represents a complete solution. Choose all that apply.

• A. Training
• B. Personnel
• C. Control
• D. Manpower

Answer: ABD

NEW QUESTION 11
The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series Each correct answer represents a complete solution. Choose all that apply.

• A. Providing IA Certification and Accreditation
• B. Providing command and control and situational awareness
• C. Defending systems
• D. Protecting information

Answer: BCD

NEW QUESTION 12
Which of the following are the functional analysis and allocation tools Each correct answer represents a complete solution. Choose all that apply.

• A. Functional flow block diagram (FFBD)
• B. Activity diagram
• C. Timeline analysis diagram
• D. Functional hierarchy diagram

Answer: ACD

NEW QUESTION 13
Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A Support

• A. Registration Task 4
• B. Registration Task 1
• C. Registration Task 3
• D. Registration Task 2

Answer: D

NEW QUESTION 14
Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system

• A. Security Control Assessment Task 4
• B. Security Control Assessment Task 3
• C. Security Control Assessment Task 1
• D. Security Control Assessment Task 2

Answer: C

NEW QUESTION 15
An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official Each correct answer represents a complete solution. Choose all that apply.

• A. Ascertaining the security posture of the organization's information system
• B. Reviewing security status reports and critical security documents
• C. Determining the requirement of reauthorization and reauthorizing information systems when required
• D. Establishing and implementing the organization's continuous monitoring program

Answer: ABC

NEW QUESTION 16
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed

• A. Level 4
• B. Level 5
• C. Level 1
• D. Level 2
• E. Level 3

Answer: A