CISSP-ISSEP : Information Systems Security Engineering Professional : Part 03

  1. SIMULATION

    Fill in the blank with an appropriate phrase. The ______________ process is used for allocating performance and design requirements to each function.

    • functional allocation
  2. SIMULATION

    Fill in the blank with an appropriate phrase. _________________ is used to certify and accredit systems by defining a standard process, set of activities, general tasks, and management structure.

    • DITSCAP/NIACAP
  3. Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels?

    • DoD 8500.1 Information Assurance (IA)
    • DoD 8500.2 Information Assurance Implementation 
    • DoDI 5200.40
    • DoD 8510.1-M DITSCAP
  4. Which of the following CNSS policies describes the national policy on securing voice communications?

    • NSTISSP No. 6
    • NSTISSP No. 7
    • NSTISSP No. 101 
    • NSTISSP No. 200
  5. System Authorization is a risk management process. The System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of the System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

    • Certification
    • Authorization
    • Post-certification
    • Post-Authorization
    • Pre-certification
  6. Which of the following tasks describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully?

    • Identify Roles and Responsibilities
    • Develop Project Schedule
    • Identify Resources and Availability
    • Estimate project scope
  7. Which of the following processes describes elements such as quantity, quality, coverage, timeliness, and availability, and categorizes the different functions that the system will need to perform in order to meet the documented mission/business needs?

    • Functional requirements 
    • Operational scenarios
    • Human factors
    • Performance requirements
  8. Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data? Each correct answer represents a complete solution. Choose all that apply.

    • Understandability
    • Visibility 
    • Interoperability
    • Accessibility
  9. Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected?

    • Develop detailed security design
    • Define system security requirements
    • Discover information protection needs 
    • Define system security architecture
  10. Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA controls?

    • IATO 
    • DATO
    • ATO
    • IATT
  11. The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in a CONOPS? Each correct answer represents a complete solution. Choose all that apply.

    • Strategies, tactics, policies, and constraints affecting the system
    • Organizations, activities, and interactions among participants and stakeholders
    • Statement of the structure of the system
    • Clear statement of responsibilities and authorities delegated
    • Statement of the goals and objectives of the system
  12. Which of the following types of CNSS issuances describes how to implement a policy or prescribes the manner in which a policy is carried out?

    • Advisory memoranda
    • Instructions 
    • Policies
    • Directives
  13. Which of the following acts assigns Chief Information Officers (CIOs) the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)?

    • Paperwork Reduction Act
    • Computer Misuse Act
    • Lanham Act
    • Clinger Cohen Act
  14. Which of the following individuals reviews and approves project deliverables from a QA perspective?

    • Information systems security engineer
    • System owner
    • Quality assurance manager 
    • Project manager
  15. FIPS 199 defines three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of a loss of confidentiality, integrity, or availability at the high level of potential impact?

    • The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions.
    • The loss of confidentiality, integrity, or availability might result in major financial losses.
    • The loss of confidentiality, integrity, or availability might result in a major damage to organizational assets.
    • The loss of confidentiality, integrity, or availability might result in severe harm to individuals, such as life-threatening injuries or loss of life.
  16. The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.

    • Type accreditation
    • Site accreditation
    • System accreditation
    • Secure accreditation
  17. You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you perform the above task?

    • PERT Chart
    • Gantt Chart
    • Functional Flow Block Diagram
    • Information Management Model (IMM)
  18. Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare?

    • DoD 8500.2 Information Assurance Implementation
    • DoD 8510.1-M DITSCAP
    • DoDI 5200.40
    • DoD 8500.1 Information Assurance (IA)
  19. Which of the following laws was the first to impose penalties on the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

    • Computer Fraud and Abuse Act 
    • Computer Security Act
    • Gramm-Leach-Bliley Act
    • Digital Millennium Copyright Act
  20. Which of the following individuals are part of senior management and are responsible for authorizing individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.

    • Chief Information Officer
    • AO Designated Representative
    • Senior Information Security Officer
    • User Representative
    • Authorizing Official