Your success in is our sole target and we develop all our in a way that facilitates the attainment of this target. Not only is our material the best you can find, it is also the most detailed and the most updated. for ISC2 CISSP-ISSEP are written to the highest standards of technical accuracy.

Free demo questions for ISC2 CISSP-ISSEP Exam Dumps Below:

NEW QUESTION 1
Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

  • A. SSAA
  • B. TCSEC
  • C. FIPS
  • D. FITSAF

Answer: B

NEW QUESTION 2
Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data? Each correct answer represents a complete solution. Choose all that apply.

  • A. Understandability
  • B. Visibility
  • C. Interoperability
  • D. Accessibility

Answer: BD

NEW QUESTION 3
Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

  • A. Chief Information Officer
  • B. Authorizing Official
  • C. Common Control Provider
  • D. Senior Agency Information Security Officer

Answer: C

NEW QUESTION 4
The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as change management approval processes?

  • A. Section 3.1.8
  • B. Section 3.1.9
  • C. Section 3.1.5
  • D. Section 3.1.7

Answer: B

NEW QUESTION 5
Which of the following principles are defined by the IATF model? Each correct answer represents a complete solution. Choose all that apply.

  • A. The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.
  • B. The problem space is defined by the customer's mission or business needs.
  • C. The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.
  • D. Always keep the problem and solution spaces separate.

Answer: BCD

NEW QUESTION 6
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

  • A. DoD 8910.1
  • B. DoD 7950.1-M
  • C. DoD 5200.22-M
  • D. DoD 5200.1-R
  • E. DoDD 8000.1

Answer: B

NEW QUESTION 7
Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?

  • A. Trusted computing base (TCB)
  • B. Common data security architecture (CDSA)
  • C. Internet Protocol Security (IPSec)
  • D. Application program interface (API)

Answer: A

NEW QUESTION 8
Which of the following tasks prepares the technical management plan in planning the technical effort?

  • A. Task 10
  • B. Task 9
  • C. Task 7
  • D. Task 8

Answer: B

NEW QUESTION 9
Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy?

  • A. Advisory memoranda
  • B. Instructions
  • C. Policies
  • D. Directives

Answer: B

NEW QUESTION 10
Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

  • A. Phase 3
  • B. Phase 2
  • C. Phase 4
  • D. Phase 1

Answer: B

NEW QUESTION 11
Which of the following processes illustrate the study of a technical nature of interest to a focused audience, and consist of interim or final reports on work made by NIST for external sponsors, including government and non-government sponsors?

  • A. Federal Information Processing Standards (FIPS)
  • B. Special Publication (SP)
  • C. NISTIRs (Internal Reports)
  • D. DIACAP

Answer: C

NEW QUESTION 12
Which of the following federal laws is designed to protect computer data from theft?

  • A. Federal Information Security Management Act (FISMA)
  • B. Computer Fraud and Abuse Act (CFAA)
  • C. Government Information Security Reform Act (GISRA)
  • D. Computer Security Act

Answer: B

NEW QUESTION 13
Which of the following are the functional analysis and allocation tools? Each correct answer represents a complete solution. Choose all that apply.

  • A. Functional flow block diagram (FFBD)
  • B. Activity diagram
  • C. Timeline analysis diagram
  • D. Functional hierarchy diagram

Answer: ACD

NEW QUESTION 14
An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official? Each correct answer represents a complete solution. Choose all that apply.

  • A. Ascertaining the security posture of the organization's information system
  • B. Reviewing security status reports and critical security documents
  • C. Determining the requirement of reauthorization and reauthorizing information systems when required
  • D. Establishing and implementing the organization's continuous monitoring program

Answer: ABC

NEW QUESTION 15
You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task?

  • A. Information Assurance (IA)
  • B. Risk Management
  • C. Risk Analysis
  • D. Information Systems Security Engineering (ISSE)

Answer: A

NEW QUESTION 16
Which of the following roles is also known as the accreditor?

  • A. Data owner
  • B. Chief Information Officer
  • C. Chief Risk Officer
  • D. Designated Approving Authority

Answer: D

NEW QUESTION 17
Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

  • A. NIST SP 800-53A
  • B. NIST SP 800-37
  • C. NIST SP 800-53
  • D. NIST SP 800-26
  • E. NIST SP 800-59
  • F. NIST SP 800-60

Answer: D

NEW QUESTION 18
Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures and of the decision criteria which are used to evaluate security for information systems investments?

  • A. OMB M-00-13
  • B. OMB M-99-18
  • C. OMB M-00-07
  • D. OMB M-03-19

Answer: C

100% Valid and Newest Version CISSP-ISSEP Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/CISSP-ISSEP-dumps.html (New 213 Q&As)