
Free ISC ISSEP Practice Exam with Questions & Answers | Set: 4

Questions 31

Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

Options:
A. It performs vulnerability/threat analysis assessment.
B. It provides for entry and storage of individual system data.
C. It provides data needed to accurately assess IA readiness.
D. It identifies and generates IA requirements.

Questions 32

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

Options:
A. DoD 5200.22-M
B. DoD 8910.1
C. DoD 5200.40
D. DoD 8000.1

Questions 33

Which of the following processes describes the elements such as quantity, quality, coverage, timelines, and availability, and categorizes the different functions that the system will need to perform in order to gather the documented mission/business needs?

Options:
A. Functional requirements
B. Operational scenarios
C. Human factors
D. Performance requirements

Questions 34

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code?

Options:
A. Type I cryptography
B. Type II cryptography
C. Type III (E) cryptography
D. Type III cryptography

Questions 35

Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter?

Options:
A. Stateless packet filter firewall
B. PIX firewall
C. Stateful packet filter firewall
D. Virtual firewall

Questions 36

Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

Options:
A. Risk Adjustments
B. Security Certification and Accreditation (C&A)
C. Vulnerability Assessment and Penetration Testing
D. Change and Configuration Control

Questions 37

Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of what risk response?

Options:
A. Enhancing
B. Positive
C. Opportunistic
D. Exploiting

Questions 38

Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system?

Options:
A. Data security requirement
B. Network connection rule
C. Applicable instruction or directive
D. Security concept of operation

Questions 39

You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well-defined phases. In which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur?

Options:
A. Continuous Monitoring
B. Initiation
C. Security Certification
D. Security Accreditation

Questions 40

Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information?

Options:
A. National Institute of Standards and Technology (NIST)
B. National Security Agency/Central Security Service (NSA/CSS)
C. Committee on National Security Systems (CNSS)
D. United States Congress

Exam Code: ISSEP
Certification Provider: ISC
Exam Name: ISSEP Information Systems Security Engineering Professional
Last Update: Feb 17, 2025
Questions: 216