
Free demo questions for ISC2 CISSP-ISSEP Exam Dumps Below:

NEW QUESTION 1
Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of the NIST SP 800-37 C&A methodology defines the above task?

  • A. Security Certification
  • B. Security Accreditation
  • C. Initiation
  • D. Continuous Monitoring

Answer: D

NEW QUESTION 2
Which of the following acts promote a risk-based policy for cost-effective security? Each correct answer represents a part of the solution. Choose all that apply.

  • A. Clinger-Cohen Act
  • B. Lanham Act
  • C. Paperwork Reduction Act (PRA)
  • D. Computer Misuse Act

Answer: AC

NEW QUESTION 3
You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you perform the above task?

  • A. PERT Chart
  • B. Gantt Chart
  • C. Functional Flow Block Diagram
  • D. Information Management Model (IMM)

Answer: D

NEW QUESTION 4
What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.

  • A. Integrates security considerations into application and system purchasing decisions and development projects.
  • B. Ensures that the necessary security controls are in place.
  • C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
  • D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

Answer: ACD

NEW QUESTION 5
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

  • A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  • C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: BC

NEW QUESTION 6
Which of the following policies describes the national policy on the secure electronic messaging service?

  • A. NSTISSP No. 11
  • B. NSTISSP No. 7
  • C. NSTISSP No. 6
  • D. NSTISSP No. 101

Answer: B

NEW QUESTION 7
Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability and prepares the final security accreditation package?

  • A. Initiation
  • B. Security Certification
  • C. Continuous Monitoring
  • D. Security Accreditation

Answer: D

NEW QUESTION 8
System Authorization is the risk management process. The System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of the System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

  • A. Certification
  • B. Authorization
  • C. Post-certification
  • D. Post-Authorization
  • E. Pre-certification

Answer: ABDE

NEW QUESTION 9
Which of the following elements are described by the functional requirements task? Each correct answer represents a complete solution. Choose all that apply.

  • A. Coverage
  • B. Accuracy
  • C. Quality
  • D. Quantity

Answer: ACD

NEW QUESTION 10
Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

  • A. Parkerian Hexad
  • B. Five Pillars model
  • C. Capability Maturity Model (CMM)
  • D. Classic information security model

Answer: B

NEW QUESTION 11
Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation?

  • A. Computer Fraud and Abuse Act
  • B. Government Information Security Reform Act (GISRA)
  • C. Federal Information Security Management Act (FISMA)
  • D. Computer Security Act

Answer: B

NEW QUESTION 12
Which of the following is a type of security management for computers and networks that is used to identify security breaches?

  • A. IPS
  • B. IDS
  • C. ASA
  • D. EAP

Answer: B

NEW QUESTION 13
Which of the following security controls will you use in the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

  • A. Risk Adjustments
  • B. Security Certification and Accreditation (C&A)
  • C. Vulnerability Assessment and Penetration Testing
  • D. Change and Configuration Control

Answer: ABC

NEW QUESTION 14
The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

  • A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
  • B. Preserving high-level communications and working group relationships in an organization
  • C. Establishing effective continuous monitoring program for the organization
  • D. Facilitating the sharing of security risk-related information among authorizing officials

Answer: ABC

NEW QUESTION 15
Which of the following certification levels requires the completion of the minimum security checklist, which either the system user or an independent certifier can complete?

  • A. CL 2
  • B. CL 3
  • C. CL 1
  • D. CL 4

Answer: C

NEW QUESTION 16
Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  • A. Assessment of the Analysis Results
  • B. Certification analysis
  • C. Registration
  • D. System development
  • E. Configuring refinement of the SSAA

Answer: ABDE

NEW QUESTION 17
Which of the following are the most important tasks of the Information Management Plan (IMP)? Each correct answer represents a complete solution. Choose all that apply.

  • A. Define the Information Protection Policy (IPP).
  • B. Define the System Security Requirements.
  • C. Define the mission need.
  • D. Identify how the organization manages its information.

Answer: ACD

NEW QUESTION 18
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?

  • A. Type III cryptography
  • B. Type III (E) cryptography
  • C. Type II cryptography
  • D. Type I cryptography

Answer: D

P.S. Certleader is now offering CISSP-ISSEP dumps with a 100% pass guarantee! All CISSP-ISSEP exam questions have been updated with correct answers: https://www.certleader.com/CISSP-ISSEP-dumps.html (213 New Questions)