Exam Code: CISSP-ISSEP, Exam Name: Information Systems Security Engineering Professional, Certification Provider: ISC2

Free demo questions for ISC2 CISSP-ISSEP Exam Dumps Below:

NEW QUESTION 1
Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy?

  • A. Advisory memoranda
  • B. Instructions
  • C. Policies
  • D. Directives

Answer: B

NEW QUESTION 2
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  • A. Security operations
  • B. Continue to review and refine the SSAA
  • C. Change management
  • D. Compliance validation
  • E. System operations
  • F. Maintenance of the SSAA

Answer: ACDEF

NEW QUESTION 3
Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?

  • A. System Security Context
  • B. Information Protection Policy (IPP)
  • C. CONOPS
  • D. IMM

Answer: B

NEW QUESTION 4
Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of what risk response?

  • A. Enhancing
  • B. Positive
  • C. Opportunistic
  • D. Exploiting

Answer: D

NEW QUESTION 5
Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

  • A. Phase 4
  • B. Phase 2
  • C. Phase 1
  • D. Phase 3

Answer: D

NEW QUESTION 6
Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented?

  • A. Configuration verification and audit
  • B. Configuration control
  • C. Configuration status accounting
  • D. Configuration identification

Answer: D

NEW QUESTION 7
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

  • A. DC Security Design & Configuration
  • B. EC Enclave and Computing Environment
  • C. VI Vulnerability and Incident Management
  • D. Information systems acquisition, development, and maintenance

Answer: ABC

NEW QUESTION 8
Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?

  • A. Definition, Validation, Verification, and Post Accreditation
  • B. Verification, Definition, Validation, and Post Accreditation
  • C. Verification, Validation, Definition, and Post Accreditation
  • D. Definition, Verification, Validation, and Post Accreditation

Answer: D

NEW QUESTION 9
Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer represents a complete solution. Choose all that apply.

  • A. It identifies the information protection problems that need to be solved.
  • B. It allocates security mechanisms to system security design elements.
  • C. It identifies custom security products.
  • D. It identifies candidate commercial off-the-shelf (COTS)/government off-the-shelf (GOTS) security products.

Answer: BCD

NEW QUESTION 10
You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documents will you use to achieve the above task?

  • A. IMM
  • B. CONOPS
  • C. IPP
  • D. System Security Context

Answer: B

NEW QUESTION 11
Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?

  • A. DTIC
  • B. NSA IAD
  • C. DIAP
  • D. DARPA

Answer: B

NEW QUESTION 12
Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?

  • A. User Representative
  • B. Program Manager
  • C. Certifier
  • D. DAA

Answer: D

NEW QUESTION 13
Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers?

  • A. Manufacturing Extension Partnership
  • B. Baldrige National Quality Program
  • C. Advanced Technology Program
  • D. NIST Laboratories

Answer: B

NEW QUESTION 14
Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected?

  • A. Develop detailed security design
  • B. Define system security requirements
  • C. Discover information protection needs
  • D. Define system security architecture

Answer: C

NEW QUESTION 15
Which of the following are the benefits of SE as stated by MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.

  • A. It develops work breakdown structures and statements of work.
  • B. It establishes and maintains configuration management of the system.
  • C. It develops needed user training equipment, procedures, and data.
  • D. It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.

Answer: ABC

NEW QUESTION 16
Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Choose all that apply.

  • A. Organization of information security
  • B. Human resources security
  • C. Risk assessment and treatment
  • D. AU audit and accountability

Answer: ABC

NEW QUESTION 17
Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?

  • A. National Institute of Standards and Technology (NIST)
  • B. National Security Agency (NSA)
  • C. Committee on National Security Systems (CNSS)
  • D. United States Congress

Answer: A

NEW QUESTION 18
Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?

  • A. Information Protection Policy (IPP)
  • B. IMM
  • C. System Security Context
  • D. CONOPS

Answer: A

NEW QUESTION 19
You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you to perform the above task?

  • A. PERT Chart
  • B. Gantt Chart
  • C. Functional Flow Block Diagram
  • D. Information Management Model (IMM)

Answer: D

NEW QUESTION 20
You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram?

  • A. Activity diagram
  • B. Functional flow block diagram (FFBD)
  • C. Functional hierarchy diagram
  • D. Timeline analysis diagram

Answer: C
