Free ISC CISSP-ISSEP Exam Questions (page: 3)

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy?
Each correct answer represents a part of the solution. Choose all that apply.

  A. What is being secured
  B. Who is expected to comply with the policy
  C. Where is the vulnerability, threat, or risk
  D. Who is expected to exploit the vulnerability

Answer(s): A,B,C



The functional analysis process is used for translating system requirements into detailed function criteria. Which of the following are the elements of functional analysis process?
Each correct answer represents a complete solution. Choose all that apply.

  A. Model possible overall system behaviors that are needed to achieve the system requirements.
  B. Develop concepts and alternatives that are not technology or component bound.
  C. Decompose functional requirements into discrete tasks or activities; the focus is still on technology, not on functions or components.
  D. Use a top-down with some bottom-up approach verification.

Answer(s): A,B,D



The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?
Each correct answer represents a complete solution. Choose all that apply.

  A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
  B. An ISSE provides advice on the impacts of system changes.
  C. An ISSE provides advice on the continuous monitoring of the information system.
  D. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
  E. An ISSO takes part in the development activities that are required to implement system changes.

Answer(s): B,C,D



Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that cause harm to computer systems?

  A. Computer Fraud and Abuse Act
  B. Computer Security Act
  C. Gramm-Leach-Bliley Act
  D. Digital Millennium Copyright Act

Answer(s): A



Which of the following processes describes elements such as quantity, quality, coverage, timeliness, and availability, and categorizes the different functions that the system will need to perform in order to satisfy the documented mission/business needs?

  A. Functional requirements
  B. Operational scenarios
  C. Human factors
  D. Performance requirements

Answer(s): A



What NIACAP certification levels are recommended by the certifier?
Each correct answer represents a complete solution. Choose all that apply.

  A. Basic System Review
  B. Basic Security Review
  C. Maximum Analysis
  D. Comprehensive Analysis
  E. Detailed Analysis
  F. Minimum Analysis

Answer(s): B,D,E,F



Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, and maintains the information assurance and security posture of a system or site?

  A. ASSET
  B. NSA-IAM
  C. NIACAP
  D. DITSCAP

Answer(s): C



Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?

  A. Security Certification
  B. Security Accreditation
  C. Initiation
  D. Continuous Monitoring

Answer(s): D


