ISC2 CISSP-ISSEP Free Dumps Questions Online, Read and Test Now.
NEW QUESTION 1
Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?
- A. Phase 3
- B. Phase 2
- C. Phase 4
- D. Phase 1
Answer: B
NEW QUESTION 2
Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used?
- A. System firmware
- B. System interface
- C. System software
- D. System hardware
Answer: C
NEW QUESTION 3
Which of the following NIST Special Publication documents provides a guideline on network security testing?
- A. NIST SP 800-60
- B. NIST SP 800-37
- C. NIST SP 800-59
- D. NIST SP 800-42
- E. NIST SP 800-53A
- F. NIST SP 800-53
Answer: D
NEW QUESTION 4
Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures, and of the decision criteria that are used to evaluate security for information systems investments?
- A. OMB M-00-13
- B. OMB M-99-18
- C. OMB M-00-07
- D. OMB M-03-19
Answer: C
NEW QUESTION 5
Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected?
- A. Develop detailed security design
- B. Define system security requirements
- C. Discover information protection needs
- D. Define system security architecture
Answer: C
NEW QUESTION 6
Fill in the blank with the appropriate phrase. The ______ is the risk that remains after the implementation of new or enhanced controls.
- A. residual risk
Answer: A
NEW QUESTION 7
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.
- A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
- B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
- C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
- D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
Answer: BC
NEW QUESTION 8
Which of the following acts promote a risk-based policy for cost-effective security? Each correct answer represents a part of the solution. Choose all that apply.
- A. Clinger-Cohen Act
- B. Lanham Act
- C. Paperwork Reduction Act (PRA)
- D. Computer Misuse Act
Answer: AC
NEW QUESTION 9
Which of the following responsibilities are executed by the federal program manager?
- A. Ensure justification of expenditures and investment in systems engineering activities.
- B. Coordinate activities to obtain funding.
- C. Review project deliverables.
- D. Review and approve project plans.
Answer: ABD
NEW QUESTION 10
Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business-related information available today?
- A. DISA
- B. DIAP
- C. DTIC
- D. DARPA
Answer: C
NEW QUESTION 11
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.
- A. High
- B. Medium
- C. Low
- D. Moderate
Answer: ABC
NEW QUESTION 12
Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?
- A. Trusted computing base (TCB)
- B. Common data security architecture (CDSA)
- C. Internet Protocol Security (IPSec)
- D. Application program interface (API)
Answer: A
NEW QUESTION 13
Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints?
- A. Section 3.1.5
- B. Section 3.1.8
- C. Section 3.1.9
- D. Section 3.1.7
Answer: B
NEW QUESTION 14
Which of the following individuals are part of the senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.
- A. Chief Information Officer
- B. AO Designated Representative
- C. Senior Information Security Officer
- D. User Representative
- E. Authorizing Official
Answer: ABCE
NEW QUESTION 15
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
- A. Risk identification
- B. Building risk-free systems
- C. Assuring the integrity of organizational data
- D. Risk control
Answer: AD
NEW QUESTION 16
Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy?
- A. Advisory memoranda
- B. Instructions
- C. Policies
- D. Directives
Answer: B
NEW QUESTION 17
Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?
- A. Federal Information Processing Standard (FIPS)
- B. Special Publication (SP)
- C. NISTIRs (Internal Reports)
- D. DIACAP by the United States Department of Defense (DoD)
Answer: B
NEW QUESTION 18
Which of the following rated systems of the Orange Book has mandatory protection of the TCB?
- A. C-rated
- B. B-rated
- C. D-rated
- D. A-rated
Answer: B
NEW QUESTION 19
Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system?
- A. System firmware
- B. System software
- C. System interface
- D. System hardware
Answer: C