CISSP-ISSEP : Information Systems Security Engineering Professional : Part 05
-
There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event
- Acceptance
- Enhance
- Share
- Exploit
-
Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task
- Security Certification
- Security Accreditation
- Initiation
- Continuous Monitoring
-
Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used
- System firmware
- System interface
- System software
- System hardware
-
The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3 Each correct answer represents a complete solution. Choose all that apply.
- Agree on a strategy to mitigate risks.
- Evaluate mitigation progress and plan next assessment.
- Identify threats, vulnerabilities, and controls that will be evaluated.
- Document and implement a mitigation plan.
-
Which of the following rated systems of the Orange book has mandatory protection of the TCB
- C-rated
- B-rated
- D-rated
- A-rated
-
Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks
- User Representative
- Program Manager
- Certifier
- DAA
-
Which of the following types of CNSS issuances establishes or describes policy and programs, provides authority, or assigns responsibilities
- Instructions
- Directives
- Policies
- Advisory memoranda
-
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual
- DoD 8910.1
- DoD 7950.1-M
- DoD 5200.22-M
- DoD 5200.1-R
- DoDD 8000.1
-
Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards Each correct answer represents a complete solution. Choose all that apply.
- CA Certification, Accreditation, and Security Assessments
- Information systems acquisition, development, and maintenance
- IR Incident Response
- SA System and Services Acquisition
-
Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives
- NIST SP 800-53A
- NIST SP 800-37
- NIST SP 800-53
- NIST SP 800-26
- NIST SP 800-59
- NIST SP 800-60
-
Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures and of the decision criteria which is used to evaluate security for information systems investments
- OMB M-00-13
- OMB M-99-18
- OMB M-00-07
- OMB M-03-19
-
Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product
- Information Assurance (IA)
- Statistical process control (SPC)
- Information Protection Policy (IPP)
- Information management model (IMM)
-
Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation
- Chief Information Officer
- Chief Information Security Officer
- Chief Risk Officer
- Information System Owner
-
Which of the following is the acronym of RTM
- Resource tracking method
- Requirements Testing Matrix
- Requirements Traceability Matrix
- Resource timing method
-
Which of the following are the subtasks of the Define Life-Cycle Process Concepts task Each correct answer represents a complete solution. Choose all that apply.
- Training
- Personnel
- Control
- Manpower
-
Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address
- Circuit-level gateway
- Application gateway
- Proxy server
- Packet Filtering
-
Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information
- National Institute of Standards and Technology (NIST)
- National Security AgencyCentral Security Service (NSACSS)
- Committee on National Security Systems (CNSS)
- United States Congress
-
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability
- MAC I
- MAC II
- MAC III
- MAC IV
-
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident
- Corrective controls
- Safeguards
- Detective controls
- Preventive controls
-
You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task
- Information Assurance (IA)
- Risk Management
- Risk Analysis
- Information Systems Security Engineering (ISSE)
Subscribe
0 Comments
Newest