ISSEP Questions and Answers

Question # 6

Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?

A. Information Protection Policy (IPP)
B. IMM
C. System Security Context
D. CONOPS

Question # 7

In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls?

A. Establishing the interconnection
B. Planning the interconnection
C. Disconnecting the interconnection
D. Maintaining the interconnection

Question # 8

Which of the following types of CNSS issuances establishes criteria and assigns responsibilities?

A. Advisory memoranda
B. Directives
C. Instructions
D. Policies

Question # 9

You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system?

A. Post Accreditation
B. Definition
C. Verification
D. Validation

Question # 10

Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

A. Parkerian Hexad
B. Five Pillars model
C. Capability Maturity Model (CMM)
D. Classic information security model

Question # 11

Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers?

A. Manufacturing Extension Partnership
B. Baldrige National Quality Program
C. Advanced Technology Program
D. NIST Laboratories

Question # 12

Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented?

A. Configuration verification and audit
B. Configuration control
C. Configuration status accounting
D. Configuration identification

Question # 13

You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task?

A. Information Assurance (IA)
B. Risk Management
C. Risk Analysis
D. Information Systems Security Engineering (ISSE)

Question # 14

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

A. Federal Information Processing Standard (FIPS)
B. Special Publication (SP)
C. NISTIRs (Internal Reports)
D. DIACAP by the United States Department of Defense (DoD)

Question # 15

Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?

A. Computer Misuse Act
B. Clinger-Cohen Act
C. ISG
D. Lanham Act

Question # 16

FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

A. Moderate
B. Medium
C. High
D. Low

Question # 17

Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?

A. Trusted computing base (TCB)
B. Common data security architecture (CDSA)
C. Internet Protocol Security (IPSec)
D. Application program interface (API)

Question # 18

Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?

A. Configuration Identification
B. Configuration Verification and Audit
C. Configuration Status and Accounting
D. Configuration Control

Question # 19

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.

A. Type accreditation
B. Site accreditation
C. System accreditation
D. Secure accreditation

Question # 20

You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process?

A. Design information systems that will meet the certification and accreditation documentation.
B. Identify the information protection needs.
C. Ensure information systems are designed and developed with functional relevance.
D. Instruct systems engineers on availability, integrity, and confidentiality.

Question # 21

Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users?

A. Information Assurance (IA)
B. Information Systems Security Engineering (ISSE)
C. Information Protection Policy (IPP)
D. Information systems security (InfoSec)

Question # 22

Choose and reorder the steps to build the system security architectures in accordance with the DoDAF.

A.

Question # 23

Which of the following individuals reviews and approves project deliverables from a QA perspective?

A. Information systems security engineer
B. System owner
C. Quality assurance manager
D. Project manager

Question # 24

Which of the following roles is also known as the accreditor?

A. Data owner
B. Chief Information Officer
C. Chief Risk Officer
D. Designated Approving Authority

Question # 25

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

A. DoD 8910.1
B. DoD 7950.1-M
C. DoD 5200.22-M
D. DoD 5200.1-R
E. DoDD 8000.1

Question # 26

Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures, and of the decision criteria that are used to evaluate security for information systems investments?

A. OMB M-00-13
B. OMB M-99-18
C. OMB M-00-07
D. OMB M-03-19

Question # 27

Which of the following departments protects and supports DoD information, information systems, and information networks that are critical to the department and the armed forces during the day-to-day operations, and in the time of crisis?

A. DIAP
B. DARPA
C. DTIC
D. DISA

Question # 28

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

A. Acceptance
B. Enhance
C. Share
D. Exploit

Question # 29

Which of the following responsibilities are executed by the federal program manager?

A. Ensure justification of expenditures and investment in systems engineering activities.
B. Coordinate activities to obtain funding.
C. Review project deliverables.
D. Review and approve project plans.

Question # 30

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

A. DoD 5200.22-M
B. DoD 8910.1
C. DoD 5200.40
D. DoD 8000.1

Question # 31

Drag and drop the correct DoD Policy Series at their appropriate places.

A.

Question # 32

The ISSE model adds a security element into each phase of the system life cycle. Choose and reorder the phases of the ISSE model in the order in which they occur.

A.
