ISC2 CISSP-ISSEP Free Practice Questions

NEW QUESTION 1
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one

• A. Configuration Item Costing
• B. Configuration Identification
• C. Configuration Verification and Auditing
• D. Configuration Status Accounting

Answer: A

NEW QUESTION 2
You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram

• A. Activity diagram
• B. Functional flow block diagram (FFBD)
• C. Functional hierarchy diagram
• D. Timeline analysis diagram

Answer: C

NEW QUESTION 3
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and
telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation Each correct answer represents a complete solution. Choose all that apply.

• A. Type accreditation
• B. Site accreditation
• C. System accreditation
• D. Secure accreditation

Answer: ABC

NEW QUESTION 4
Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completeness of the relationship

• A. FIPS 200
• B. NIST SP 800-50
• C. Traceability matrix
• D. FIPS 199

Answer: C

NEW QUESTION 5
Which of the following responsibilities are executed by the federal program manager

• A. Ensure justification of expenditures and investment in systems engineering activities.
• B. Coordinate activities to obtain funding.
• C. Review project deliverables.
• D. Review and approve project plans.

Answer: ABD

NEW QUESTION 6
Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure

• A. Manufacturing Extension Partnership
• B. NIST Laboratories
• C. Baldrige National Quality Program
• D. Advanced Technology Program

Answer: B

NEW QUESTION 7
Which of the following individuals reviews and approves project deliverables from a QA perspective

• A. Information systems security engineer
• B. System owner
• C. Quality assurance manager
• D. Project manager

Answer: C

NEW QUESTION 8
Which of the following processes illustrate the study of a technical nature of interest to focused audience, and consist of interim or final reports on work made by NIST for external
sponsors, including government and non-government sponsors

• A. Federal Information Processing Standards (FIPS)
• B. Special Publication (SP)
• C. NISTIRs (Internal Reports)
• D. DIACAP

Answer: C

NEW QUESTION 9
Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements

• A. Classic information security model
• B. Five Pillars model
• C. Communications Management Plan
• D. Parkerian Hexad

Answer: C

NEW QUESTION 10
What are the responsibilities of a system owner Each correct answer represents a complete solution. Choose all that apply.

• A. Integrates security considerations into application and system purchasing decisions and development projects.
• B. Ensures that the necessary security controls are in place.
• C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
• D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

Answer: ACD

NEW QUESTION 11
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199 Each correct answer represents a complete solution. Choose all that apply.

• A. High
• B. Medium
• C. Low
• D. Moderate

Answer: ABC

NEW QUESTION 12
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems

• A. SSAA
• B. FITSAF
• C. FIPS
• D. TCSEC

Answer: A

NEW QUESTION 13
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process Each correct answer represents a complete solution. Choose all that apply.

• A. Develop DIACAP strategy.
• B. Initiate IA implementation plan.
• C. Conduct validation activity.
• D. Assemble DIACAP team.
• E. Register system with DoD Component IA Program.
• F. Assign IA controls.

Answer: ABDEF

NEW QUESTION 14
Which of the following elements are described by the functional requirements task Each correct answer represents a complete solution. Choose all that apply.

• A. Coverage
• B. Accuracy
• C. Quality
• D. Quantity

Answer: ACD

NEW QUESTION 15
You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task

• A. Information Assurance (IA)
• B. Risk Management
• C. Risk Analysis
• D. Information Systems Security Engineering (ISSE)

Answer: A

NEW QUESTION 16
You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task

• A. Functional test
• B. Reliability test
• C. Performance test
• D. Regression test

Answer: A