CISSP-ISSEP : Information Systems Security Engineering Professional : Part 09

  1. You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed functional criteria. Which of the following diagrams will help you to show all of the functional requirements and their groupings in one diagram?

    • Activity diagram
    • Functional flow block diagram (FFBD)
    • Functional hierarchy diagram 
    • Timeline analysis diagram
  2. Which of the following organizations is a USG initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers?

    • NSA
    • NIST
    • CNSS
    • NIAP
  3. Which of the following agencies is responsible for funding the development of many technologies, such as computer networking, as well as NLS?

    • DARPA 
    • DTIC
    • DISA
    • DIAP
  4. Which of the following CNSS policies describes the national policy on controlled access protection?

    • NSTISSP No. 101
    • NSTISSP No. 200 
    • NCSC No. 5
    • CNSSP No. 14
  5. SIMULATION

    Fill in the blank with an appropriate phrase. A ____________________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requirement, or procedure.

    • technical effort
  6. You work as a security engineer for BlueWell Inc. In your view, which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system?

    • Post Accreditation
    • Definition 
    • Verification
    • Validation
  7. Risk transference refers to the transfer of risk to a third party, usually for a fee; it creates a contractual relationship under which the third party manages the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?

    • Warranties
    • Performance bonds
    • Use of insurance
    • Life cycle costing
  8. In which of the following DIACAP phases is residual risk analyzed?

    • Phase 2
    • Phase 3
    • Phase 5
    • Phase 1
    • Phase 4
  9. The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

    • Information Assurance Manager
    • Designated Approving Authority
    • Certification agent
    • IS program manager
    • User representative
  10. Which of the following processes provides guidance to the system designers and forms the basis of major events in the acquisition phases, such as testing the products for system integration?

    • Operational scenarios 
    • Functional requirements
    • Human factors
    • Performance requirements
  11. Your project is an agricultural project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of which risk response?

    • Enhancing
    • Positive
    • Opportunistic
    • Exploiting
  12. Which of the following roles is also known as the accreditor?

    • Data owner
    • Chief Information Officer
    • Chief Risk Officer
    • Designated Approving Authority
  13. Which of the following NIST documents states that minimizing negative impact on an organization and the need for a sound basis in decision making are the fundamental reasons organizations implement a risk management process for their IT systems?

    • NIST SP 800-37
    • NIST SP 800-30 
    • NIST SP 800-53
    • NIST SP 800-60
  14. Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements?

    • Classic information security model
    • Five Pillars model
    • Communications Management Plan 
    • Parkerian Hexad
  15. Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

    • Phase 3
    • Phase 2 
    • Phase 4
    • Phase 1
  16. Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation?

    • Computer Fraud and Abuse Act
    • Government Information Security Reform Act (GISRA) 
    • Federal Information Security Management Act (FISMA)
    • Computer Security Act
  17. Which of the following organizations' work includes building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?

    • DTIC
    • NSA IAD 
    • DIAP
    • DARPA
  18. NIST SP 800-53A defines three types of interviews, depending on the level of assessment conducted. Which of the following NIST SP 800-53A interview types consists of informal and ad hoc interviews?

    • Abbreviated 
    • Significant
    • Substantial
    • Comprehensive
  19. Which NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.

    • Basic System Review
    • Basic Security Review 
    • Maximum Analysis
    • Comprehensive Analysis
    • Detailed Analysis
    • Minimum Analysis
  20. Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

    • SSAA
    • TCSEC 
    • FIPS
    • FITSAF