CISSP-ISSEP : Information Systems Security Engineering Professional : Part 04

  1. Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

    • Parkerian Hexad
    • Five Pillars model 
    • Capability Maturity Model (CMM)
    • Classic information security model
  2. A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

    • Regulatory
    • Advisory
    • Systematic
    • Informative
  3. Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct support of joint warfighters, national-level leaders, and other mission and coalition partners across the full spectrum of operations?

    • DARPA
    • DTIC
    • DISA 
    • DIAP
  4. You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documents will you use to achieve the above task?

    • IMM
    • CONOPS 
    • IPP
    • System Security Context
  5. Which of the following terms describes the measures that protect and support information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

    • Information Systems Security Engineering (ISSE)
    • Information Protection Policy (IPP)
    • Information systems security (InfoSec)
    • Information Assurance (IA)
  6. Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?

    • NSTISSP No. 11
    • NSTISSP No. 101
    • NSTISSP No. 7
    • NSTISSP No. 6
  7. Which of the following acts recognizes the importance of information security to the economic and national security interests of the United States?

    • Lanham Act
    • FISMA 
    • Computer Fraud and Abuse Act
    • Computer Misuse Act
  8. Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

    • Risk identification 
    • Building Risk free systems
    • Assuring the integrity of organizational data
    • Risk control
  9. Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?

    • Type III cryptography
    • Type III (E) cryptography
    • Type II cryptography
    • Type I cryptography
  10. Which of the following types of CNSS issuances establishes criteria and assigns responsibilities?

    • Advisory memoranda
    • Directives
    • Instructions
    • Policies
  11. Which of the following organizations builds secure audio and video communications equipment, makes tamper-protection products, and provides trusted microelectronics solutions?

    • DTIC
    • NSA IAD
    • DIAP
    • DARPA
  12. Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring phase? Each correct answer represents a complete solution. Choose all that apply.

    • Status reporting and documentation
    • Security control monitoring and impact analyses of changes to the information system
    • Configuration management and control
    • Security accreditation documentation
    • Security accreditation decision
  13. You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

    • Quantitative risk analysis
    • Risk audits
    • Requested changes 
    • Qualitative risk analysis
  14. Which of the following security controls will you use in the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

    • Risk Adjustments
    • Security Certification and Accreditation (C&A)
    • Vulnerability Assessment and Penetration Testing
    • Change and Configuration Control
  15. Which of the following are the benefits of SE as stated by MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.

    • It develops work breakdown structures and statements of work.
    • It establishes and maintains configuration management of the system.
    • It develops needed user training equipment, procedures, and data.
    • It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.
  16. Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard?

    • Type III (E) cryptography
    • Type III cryptography 
    • Type I cryptography
    • Type II cryptography
  17. Which of the following are functional analysis and allocation tools? Each correct answer represents a complete solution. Choose all that apply.

    • Functional flow block diagram (FFBD) 
    • Activity diagram
    • Timeline analysis diagram
    • Functional hierarchy diagram
  18. Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system?

    • Data security requirement 
    • Network connection rule
    • Applicable instruction or directive
    • Security concept of operation
  19. John works as a security engineer for BlueWell Inc. He wants to identify the different functions that the system will need to perform to meet the documented mission/business needs. Which of the following processes will John use to achieve the task?

    • Modes of operation
    • Performance requirement
    • Functional requirement 
    • Technical performance measures
  20. Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

    • Office of Management and Budget (OMB)
    • NIST
    • FISMA 
    • FIPS