ISC2 CISSP-ISSEP Free Practice Questions

NEW QUESTION 1
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event

• A. Earned value management
• B. Risk audit
• C. Corrective action
• D. Technical performance measurement

Answer: C

NEW QUESTION 2
Which of the following processes describes the elements such as quantity, quality, coverage, timelines, and availability, and categorizes the different functions that the system will need to perform in order to gather the documented missionbusiness needs

• A. Functional requirements
• B. Operational scenarios
• C. Human factors
• D. Performance requirements

Answer: A

NEW QUESTION 3
Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system

• A. Phase 3
• B. Phase 2
• C. Phase 4
• D. Phase 1

Answer: B

NEW QUESTION 4
Which of the following characteristics are described by the DIAP Information Readiness Assessment function Each correct answer represents a complete solution. Choose all that apply.

• A. It performs vulnerabilitythreat analysis assessment.
• B. It provides for entry and storage of individual system data.
• C. It provides data needed to accurately assess IA readiness.
• D. It identifies and generates IA requirements.

Answer: ACD

NEW QUESTION 5
Which of the following organizations is a USG initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers

• A. NSA
• B. NIST
• C. CNSS
• D. NIAP

Answer: D

NEW QUESTION 6
You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems

• A. NIST Special Publication 800-59
• B. NIST Special Publication 800-37
• C. NIST Special Publication 800-60
• D. NIST Special Publication 800-53

Answer: B

NEW QUESTION 7
Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business related information available today

• A. DISA
• B. DIAP
• C. DTIC
• D. DARPA

Answer: C

NEW QUESTION 8
Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site

• A. ASSET
• B. NSA-IAM
• C. NIACAP
• D. DITSCAP

Answer: C

NEW QUESTION 9
NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews

• A. Abbreviated
• B. Significant
• C. Substantial
• D. Comprehensive

Answer: A

NEW QUESTION 10
Which of the following organizations assists the President in overseeing the preparation of the federal budget and to supervise its administration in Executive Branch agencies

• A. NSACSS
• B. OMB
• C. DCAA
• D. NIST

Answer: B

NEW QUESTION 11
Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators

• A. ISO 90012000
• B. Benchmarking
• C. SEI-CMM
• D. Six Sigma

Answer: A

NEW QUESTION 12
Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that consists of, or be exclusively comprised of contractors

• A. Quality Assurance Manager
• B. Senior Analyst
• C. System Owner
• D. Federal program manager

Answer: D

NEW QUESTION 13
Which of the following individuals are part of the senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels Each correct answer represents a complete solution. Choose all that apply.

• A. Chief Information Officer
• B. AO Designated Representative
• C. Senior Information Security Officer
• D. User Representative
• E. Authorizing Official

Answer: ABCE

NEW QUESTION 14
Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats

• A. System Security Context
• B. Information Protection Policy (IPP)
• C. CONOPS
• D. IMM

Answer: B

NEW QUESTION 15
Which of the following refers to a process that is used for implementing information security

• A. Classic information security model
• B. Certification and Accreditation (C&A)
• C. Information Assurance (IA)
• D. Five Pillars model

Answer: B

NEW QUESTION 16
Which of the following documents is described in the statement below It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.

• A. Risk management plan
• B. Project charter
• C. Quality management plan
• D. Risk register

Answer: D