CISSP-ISSEP : Information Systems Security Engineering Professional : Part 07

  1. What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

    • Conduct activities related to the disposition of the system data and objects.
    • Combine validation results in DIACAP scorecard.
    • Conduct validation activities.
    • Execute and update IA implementation plan.
  2. Which of the following assessment methodologies defines a six-step technical security evaluation?

    • FITSAF
    • OCTAVE
    • FIPS 102 
    • DITSCAP
  3. Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?

    • System Owner
    • Information Systems Security Officer (ISSO)
    • Designated Approving Authority (DAA) 
    • Chief Information Security Officer (CISO)
  4. You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well-defined phases. In which of the following phases of the NIST SP 800-37 C&A methodology does the security categorization occur?

    • Continuous Monitoring
    • Initiation 
    • Security Certification
    • Security Accreditation
  5. Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

    • The level of detail must define exactly the risk response for each identified risk.
    • The level of detail is set of project risk governance.
    • The level of detail is set by historical information.
    • The level of detail should correspond with the priority ranking.
  6. Which of the following memorandums reminds the Federal agencies that they are required by law and policy to establish clear privacy policies for Web activities and to comply with those policies?

    • OMB M-01-08
    • OMB M-03-19
    • OMB M-00-07
    • OMB M-00-13
  7. Which of the following cooperative programs carried out by NIST conducts research to advance the nation’s technology infrastructure?

    • Manufacturing Extension Partnership
    • NIST Laboratories 
    • Baldrige National Quality Program
    • Advanced Technology Program
  8. You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition process?

    • Configuration management plan
    • Transition plan
    • Systems engineering management plan (SEMP)
    • Acquisition plan
  9. You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?

    • Functional test 
    • Reliability test
    • Performance test
    • Regression test
  10. Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business-related information available today?

    • DISA
    • DIAP
    • DTIC
    • DARPA
  11. Which of the following principles are defined by the IATF model? Each correct answer represents a complete solution. Choose all that apply.

    • The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.
    • The problem space is defined by the customer’s mission or business needs.
    • The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.
    • Always keep the problem and solution spaces separate.
  12. Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?

    • Computer Misuse Act
    • Clinger-Cohen Act
    • ISG 
    • Lanham Act
  13. Which of the following policies describes the national policy on the secure electronic messaging service?

    • NSTISSP No. 11
    • NSTISSP No. 7 
    • NSTISSP No. 6
    • NSTISSP No. 101
  14. According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

    • DC Security Design & Configuration
    • EC Enclave and Computing Environment
    • VI Vulnerability and Incident Management
    • Information systems acquisition, development, and maintenance
  15. Which of the following elements of Registration task 4 defines the system’s external interfaces, as well as the purpose of each external interface and the relationship between the interface and the system?

    • System firmware
    • System software
    • System interface 
    • System hardware
  16. Which of the following protocols is used to establish a secure terminal session to a remote network device?

    • WEP
    • SMTP
    • SSH 
    • IPSec
  17. Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space?

    • Internet Protocol Security (IPSec)
    • Common data security architecture (CDSA) 
    • File encryptors
    • Application program interface (API)
  18. Which of the following professionals plays the role of a monitor and takes part in the organization’s configuration management process?

    • Chief Information Officer
    • Authorizing Official
    • Common Control Provider 
    • Senior Agency Information Security Officer
  19. Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?

    • Security Control Assessment Task 4
    • Security Control Assessment Task 3
    • Security Control Assessment Task 1 
    • Security Control Assessment Task 2
  20. Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

    • Federal Information Processing Standard (FIPS)
    • Special Publication (SP) 
    • NISTIRs (Internal Reports)
    • DIACAP by the United States Department of Defense (DoD)