Free ISSEP Exam Braindumps (page: 8)


Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?

  A. National Security Agency/Central Security Service (NSA/CSS)
  B. National Institute of Standards and Technology (NIST)
  C. United States Congress
  D. Committee on National Security Systems (CNSS)

Answer(s): D



Which of the following statements is true about residual risk?

  A. It can be considered as an indicator of threats coupled with vulnerability.
  B. It is a weakness or lack of safeguard that can be exploited by a threat.
  C. It is the risk that remains after all planned security measures have been implemented.
  D. It is the risk that exists before any security measures have been implemented.

Answer(s): C



According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight IA areas defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

  A. DC Security Design & Configuration
  B. EC Enclave and Computing Environment
  C. VI Vulnerability and Incident Management
  D. Information systems acquisition, development, and maintenance

Answer(s): A,B,C



Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

  A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer(s): B,C
