CISSP-ISSEP : Information Systems Security Engineering Professional : Part 01

CISSP-ISSEP : All Parts

CISSP-ISSEP : Information Systems Security Engineering Professional : All Parts
CISSP-ISSEP Part 01	CISSP-ISSEP Part 04	CISSP-ISSEP Part 07	CISSP-ISSEP Part 10
CISSP-ISSEP Part 02	CISSP-ISSEP Part 05	CISSP-ISSEP Part 08	CISSP-ISSEP Part 11
CISSP-ISSEP Part 03	CISSP-ISSEP Part 06	CISSP-ISSEP Part 09

Which of the following describes a residual risk as the risk remaining after a risk mitigation has occurred
- SSAA
- ISSO
- DAA
- DIACAP
Which of the following organizations assists the President in overseeing the preparation of the federal budget and to supervise its administration in Executive Branch agencies
- NSACSS
- OMB
- DCAA
- NIST
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well designed policy Each correct answer represents a part of the solution. Choose all that apply.
- What is being secured
- Who is expected to comply with the policy
- Where is the vulnerability, threat, or risk
- Who is expected to exploit the vulnerability
Which of the CNSS policies describes the national policy on certification and accreditation of national security telecommunications and information systems
- NSTISSP No. 7
- NSTISSP No. 11
- NSTISSP No. 6
- NSTISSP No. 101
SIMULATION

Fill in the blanks with an appropriate phrase. The______________ is the process of translating system requirements into detailed function criteri a.
- functional analysis
Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive function standard, and break the higher-level functions into lower-level functions. Which of the following processes will Della use to accomplish the task
- Risk analysis
- Functional allocation
- Functional analysis
- Functional baseline
Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy
- Trusted computing base (TCB)
- Common data security architecture (CDSA)
- Internet Protocol Security (IPSec)
- Application program interface (API)
Which of the following are the ways of sending secure e-mail messages over the Internet Each correct answer represents a complete solution. Choose two.
- PGP
- SMIME
- TLS
- IPSec
Which of the following DITSCAPNIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase
- Verification
- Validation
- Post accreditation
- Definition
Which of the following are the phases of the Certification and Accreditation (C&A) process Each correct answer represents a complete solution. Choose two.
- Auditing
- Initiation
- Continuous Monitoring
- Detection
You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirements are that your solution must use the RSA algorithm. Which of the following is your best choice
- PGP
- SMIME
- DES
- Blowfish
Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system
- Process specification
- Product specification
- Development specification
- System specification
Which of the following memorandums directs the Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing it
- OMB M-99-18
- OMB M-00-13
- OMB M-03-19
- OMB M-00-07
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event
- Earned value management
- Risk audit
- Corrective action
- Technical performance measurement
Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users
- Information Assurance (IA)
- Information Systems Security Engineering (ISSE)
- Information Protection Policy (IPP)
- Information systems security (InfoSec)
Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment
- Phase 4
- Phase 2
- Phase 1
- Phase 3
Which of the following certification levels requires the completion of the minimum security checklist and more in-depth, independent analysis
- CL 3
- CL 4
- CL 2
- CL 1
Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints
- Section 3.1.5
- Section 3.1.8
- Section 3.1.9
- Section 3.1.7
Which of the following CNSS policies describes the national policy on use of cryptomaterial by activities operating in high risk environments
- CNSSP No. 14
- NCSC No. 5
- NSTISSP No. 6
- NSTISSP No. 7
In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47 does the participating organizations perform the following tasks Perform preliminary activities. Examine all relevant technical, security and administrative issues. Form an agreement governing the management, operation, and use of the interconnection.
- Establishing the interconnection
- Disconnecting the interconnection
- Planning the interconnection
- Maintaining the interconnection

CISSP-ISSEP : All Parts

CISSP-ISSEP : Information Systems Security Engineering Professional : All Parts
CISSP-ISSEP Part 01	CISSP-ISSEP Part 04	CISSP-ISSEP Part 07	CISSP-ISSEP Part 10
CISSP-ISSEP Part 02	CISSP-ISSEP Part 05	CISSP-ISSEP Part 08	CISSP-ISSEP Part 11
CISSP-ISSEP Part 03	CISSP-ISSEP Part 06	CISSP-ISSEP Part 09

CISSP-ISSEP : Information Systems Security Engineering Professional : Part 01

Which of the following describes a residual risk as the risk remaining after a risk mitigation has occurred

Which of the following organizations assists the President in overseeing the preparation of the federal budget and to supervise its administration in Executive Branch agencies

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well designed policy Each correct answer represents a part of the solution. Choose all that apply.

Which of the CNSS policies describes the national policy on certification and accreditation of national security telecommunications and information systems

SIMULATION

Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive function standard, and break the higher-level functions into lower-level functions. Which of the following processes will Della use to accomplish the task

Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy

Which of the following are the ways of sending secure e-mail messages over the Internet Each correct answer represents a complete solution. Choose two.

Which of the following DITSCAPNIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase

Which of the following are the phases of the Certification and Accreditation (C&A) process Each correct answer represents a complete solution. Choose two.

You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirements are that your solution must use the RSA algorithm. Which of the following is your best choice

Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system

Which of the following memorandums directs the Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing it

Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment

Which of the following certification levels requires the completion of the minimum security checklist and more in-depth, independent analysis

Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints

Which of the following CNSS policies describes the national policy on use of cryptomaterial by activities operating in high risk environments