CISSP-ISSEP : Information Systems Security Engineering Professional : Part 10
-
Which of the of following departments protects and supports DoD information, information systems, and information networks that are critical to the department and the armed forces during the day-to-day operations, and in the time of crisis
- DIAP
- DARPA
- DTIC
- DISA
-
Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A Support
- Registration Task 4
- Registration Task 1
- Registration Task 3
- Registration Task 2
-
Which of the following federal laws are related to hacking activities Each correct answer represents a complete solution. Choose three.
- 18 U.S.C. 1030
- 18 U.S.C. 1029
- 18 U.S.C. 2510
- 18 U.S.C. 1028
-
According to which of the following DoD policies, the implementation of DITSCAP is mandatory for all the systems that process both DoD classified and unclassified information?
- DoD 8500.2
- DoDI 5200.40
- DoD 8510.1-M DITSCAP
- DoD 8500.1 (IAW)
-
The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as change management approval processes
- Section 3.1.8
- Section 3.1.9
- Section 3.1.5
- Section 3.1.7
-
FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals
- Moderate
- Medium
- High
- Low
-
Which of the following are the most important tasks of the Information Management Plan (IMP) Each correct answer represents a complete solution. Choose all that apply.
- Define the Information Protection Policy (IPP).
- Define the System Security Requirements.
- Define the mission need.
- Identify how the organization manages its information.
-
Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers
- Manufacturing Extension Partnership
- Baldrige National Quality Program
- Advanced Technology Program
- NIST Laboratories
-
Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling of computer systems through the Internet
- DAS
- IDS
- ACL
- Ipsec
-
SIMULATION
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.
residual risk
-
TQM recognizes that quality of all the processes within an organization contribute to the quality of the product. Which of the following are the most important activities in the Total Quality Management Each correct answer represents a complete solution. Choose all that apply.
- Quality renewal
- Maintenance of quality
- Quality costs
- Quality improvements
-
Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completeness of the relationship
- FIPS 200
- NIST SP 800-50
- Traceability matrix
- FIPS 199
-
Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of the DoD information systems and networks
- DoD 8500.1 Information Assurance (IA)
- DoDI 5200.40
- DoD 8510.1-M DITSCAP
- DoD 8500.2 Information Assurance Implementation
-
Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism
- Internet Key Exchange (IKE) Protocol
- SMIME
- Internet Protocol Security (IPSec)
- Secure Socket Layer (SSL)
-
You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed
- Define system security architecture
- Develop detailed security design
- Discover information protection needs
- Define system security requirements
-
The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase Each correct answer represents a complete solution. Choose all that apply.
- Assessment of the Analysis Results
- Certification analysis
- Registration
- System development
- Configuring refinement of the SSAA
-
Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed
- Security Control Assessment Task 3
- Security Control Assessment Task 1
- Security Control Assessment Task 4
- Security Control Assessment Task 2
-
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle
- Phase 1, Definition
- Phase 3, Validation
- Phase 4, Post Accreditation Phase
- Phase 2, Verification
-
SIMULATION
Fill in the blank with an appropriate phrase. __________ seeks to improve the quality of process outputs by identifying and removing the causes of defects and variability in manufacturing and business processes.
Six Sigma
-
Which of the following processes illustrate the study of a technical nature of interest to focused audience, and consist of interim or final reports on work made by NIST for external sponsors, including government and non-government sponsors
- Federal Information Processing Standards (FIPS)
- Special Publication (SP)
- NISTIRs (Internal Reports)
- DIACAP
Subscribe
0 Comments
Newest