ISSEP Information Systems Security Engineering Professional Questions and Answers

ISSEP Information Systems Security Engineering Professional

Last Update May 12, 2024
Total Questions : 216

Question 1

Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information?

Options:

A. National Institute of Standards and Technology (NIST)
B. National Security Agency/Central Security Service (NSA/CSS)
C. Committee on National Security Systems (CNSS)
D. United States Congress

Question 2

Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?

Options:

A. National Institute of Standards and Technology (NIST)
B. National Security Agency (NSA)
C. Committee on National Security Systems (CNSS)
D. United States Congress

Question 3

Which of the following CNSS policies describes the national policy on the use of cryptomaterial by activities operating in high-risk environments?

Options:

A. CNSSP No. 14
B. NCSC No. 5
C. NSTISSP No. 6
D. NSTISSP No. 7

Question 4

Drag and drop the correct DoD Policy Series at their appropriate places.

Options:

A.

Question 5

Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?

Options:

A. IATO
B. DATO
C. ATO
D. IATT

Question 6

Which of the following certification levels requires the completion of the minimum security checklist and a more in-depth, independent analysis?

Options:

A. CL 3
B. CL 4
C. CL 2
D. CL 1

Question 7

Which of the following agencies is responsible for funding the development of many technologies, such as computer networking, as well as NLS?

Options:

A. DARPA
B. DTIC
C. DISA
D. DIAP

Question 8

Which of the following documents is described in the statement below? It is developed alongside all risk management processes. It contains the results of qualitative risk analysis, quantitative risk analysis, and risk response planning.

Options:

A. Risk management plan
B. Project charter
C. Quality management plan
D. Risk register

Question 9

In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the participating organizations perform the following tasks?

- Perform preliminary activities.
- Examine all relevant technical, security, and administrative issues.
- Form an agreement governing the management, operation, and use of the interconnection.

Options:

A. Establishing the interconnection
B. Disconnecting the interconnection
C. Planning the interconnection
D. Maintaining the interconnection

Question 10

You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you to perform the above task?

Options:

A. PERT Chart
B. Gantt Chart
C. Functional Flow Block Diagram
D. Information Management Model (IMM)

Question 11

Which of the following are ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

Options:

A. PGP
B. S/MIME
C. TLS
D. IPSec

Question 12

You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems?

Options:

A. NIST Special Publication 800-59
B. NIST Special Publication 800-37
C. NIST Special Publication 800-60
D. NIST Special Publication 800-53

Question 13

Which of the following persons in an organization is responsible for accepting or rejecting the residual risk for a system?

Options:

A. System Owner
B. Information Systems Security Officer (ISSO)
C. Designated Approving Authority (DAA)
D. Chief Information Security Officer (CISO)

Question 14

Which of the following elements of Registration task 4 defines the system's external interfaces, the purpose of each external interface, and the relationship between the interface and the system?

Options:

A. System firmware
B. System software
C. System interface
D. System hardware

Question 15

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

Options:

A. SSAA
B. TCSEC
C. FIPS
D. FITSAF

Question 16

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Office of Management and Budget (OMB)
B. NIST
C. FISMA
D. FIPS

Question 17

Which of the following documents contains the threats to information management, and the security services and controls required to counter those threats?

Options:

A. System Security Context
B. Information Protection Policy (IPP)
C. CONOPS
D. IMM

Question 18

Which of the following CNSS policies describes the national policy on securing voice communications?

Options:

A. NSTISSP No. 6
B. NSTISSP No. 7
C. NSTISSP No. 101
D. NSTISSP No. 200

Question 19

NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interview types consists of informal and ad hoc interviews?

Options:

A. Abbreviated
B. Significant
C. Substantial
D. Comprehensive

Question 20

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

Options:

A. NIST SP 800-53A
B. NIST SP 800-37
C. NIST SP 800-53
D. NIST SP 800-26
E. NIST SP 800-59
F. NIST SP 800-60

Question 21

Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct support of joint warfighters, national-level leaders, and other mission and coalition partners across the full spectrum of operations?

Options:

A. DARPA
B. DTIC
C. DISA
D. DIAP

Question 22

Which of the following organizations builds secure audio and video communications equipment, makes tamper protection products, and provides trusted microelectronics solutions?

Options:

A. DTIC
B. NSA IAD
C. DIAP
D. DARPA

Question 23

Your project is an agricultural project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of which risk response?

Options:

A. Enhancing
B. Positive
C. Opportunistic
D. Exploiting

Question 24

Which of the following individuals reviews and approves project deliverables from a QA perspective?

Options:

A. Information systems security engineer
B. System owner
C. Quality assurance manager
D. Project manager

Question 25

Which of the following laws was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

Options:

A. Computer Fraud and Abuse Act
B. Computer Security Act
C. Gramm-Leach-Bliley Act
D. Digital Millennium Copyright Act

Question 26

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems described in Section 2315 of Title 10, United States Code?

Options:

A. Type I cryptography
B. Type II cryptography
C. Type III (E) cryptography
D. Type III cryptography

Question 27

Which of the following statements define the role of the ISSEP during the development of the detailed security design, as described in the IATF document? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It identifies the information protection problems that need to be solved.
B. It allocates security mechanisms to system security design elements.
C. It identifies custom security products.
D. It identifies candidate commercial off-the-shelf (COTS)/government off-the-shelf (GOTS) security products.

Question 28

Your project has several risks that may cause serious financial impact should they occur. You have studied the risk events and prepared some potential risk responses for them, but management wants you to do more. They would like you to create a chart that identifies the risk probability and impact, with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

Options:

A. Risk response plan
B. Quantitative analysis
C. Risk response
D. Contingency reserve

Question 29

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

Options:

A. Level 4
B. Level 5
C. Level 1
D. Level 2
E. Level 3

Question 30

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or tool accepted by the National Security Agency for protecting classified information?

Options:

A. Type III cryptography
B. Type III (E) cryptography
C. Type II cryptography
D. Type I cryptography

Question 31

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

Options:

A. Corrective controls
B. Safeguards
C. Detective controls
D. Preventive controls

Question 32

Fill in the blank with an appropriate phrase. A ________ is an approved build of the product, and can be a single component or a combination of components.

Options:

A. development baseline