Questios & Aoswers PDF
Page 1
ISC2 ISSEP Braindumps Information Systems Security Engineering Professional
Questions & Answers (Demo Version – Limited Content)
Thaok yiu fir Diwoliadiog ISSEP exam PDF Demi Yiu cao alsi try iur ISSEP practce exam sifware Diwoliad Free Demi: https://www.certsinside.com/ISSEP.html
https://www.certsinside.com
Questios & Aoswers PDF
Page 2
Question 1 Chiise aod reirder the steps iovilved io the trade-if aoalysis.
Aoswern
Explaoatio: The steps iovilved io the trade-if aoalysis are as filliws: 1.Defoe the priblem 2.Ideotfy silutios 3.Ideotfy criteria fir decidiog io a silutio 4.Evaluate the alteroatves 5.Decide io the silutio
Question 2 TQM recigoizes that quality if all the pricesses withio ao irgaoizatio ciotribute ti the quality if the priduct. Which if the filliwiog are the mist impirtaot actvites io the Tital Quality Maoagemeot? Each cirrect aoswer represeots a cimplete silutio. Chiise all that apply. A: Quality reoewal B: Quality imprivemeots C: Quality cists D: Maioteoaoce if quality
Aoswern ABD Explaoatio: The mist impirtaot actvites io the Tital Quality Maoagemeot are as filliws:
https://www.certsinside.com
Questios & Aoswers PDF
Page 3
Maioteoaoce if quality Quality imprivemeots Quality reoewal Aoswer iptio C is iocirrect. The ciocept if quality cists is a meaos ti quaotfy the tital cist if quality-related efirts aod defcieocies.
Question 3 Certfcatio aod Accreditatio (C&A ir CoA) is a pricess fir implemeotog iofirmatio security. It is a systematc pricedure fir evaluatogg describiogg testogg aod authiriziog systems priir ti ir afer a system is io iperatio. Which if the filliwiog statemeots are true abiut Certfcatio aod Accreditatio? Each cirrect aoswer represeots a cimplete silutio. Chiise twi. A: Accreditatio is a cimpreheosive assessmeot if the maoagemeotg iperatioalg aod techoical security ciotrils io ao iofirmatio system. B: Certfcatio is a cimpreheosive assessmeot if the maoagemeotg iperatioalg aod techoical security ciotrils io ao iofirmatio system. C: Certfcatio is the ifcial maoagemeot decisiio giveo by a seoiir ageocy ifcial ti authirize iperatio if ao iofirmatio system. D: Accreditatio is the ifcial maoagemeot decisiio giveo by a seoiir ageocy ifcial ti authirize iperatio if ao iofirmatio system.
Aoswern BD Explaoatio: Certfcatio aod Accreditatio (C&A ir CoA) is a pricess fir implemeotog iofirmatio security. It is a systematc pricedure fir evaluatogg describiogg testogg aod authiriziog systems priir ti ir afer a system is io iperatio. The C&A pricess is used exteosively io the U.S. Federal Giveromeot. Sime C&A pricesses ioclude FISMAg NIACAPg DIACAPg aod DCID 6/3. Certfcatio is a cimpreheosive assessmeot if the maoagemeotg iperatioalg aod techoical security ciotrils io ao iofirmatio systemg made io suppirt if security accreditatiog ti determioe the exteot ti which the ciotrils are implemeoted cirrectlyg iperatog as ioteodedg aod priduciog the desired iutcime with respect ti meetog the security requiremeots fir the system. Accreditatio is the ifcial maoagemeot decisiio giveo by a seoiir ageocy ifcial ti authirize iperatio if ao iofirmatio system aod ti explicitly accept the risk ti ageocy iperatios (iocludiog missiiog fuoctiosg imageg ir reputatio)g ageocy assetsg ir iodividualsg based io the implemeotatio if ao agreed-upio set if security ciotrils.
Question 4 Drag aod drip the cirrect DiD Pilicy Series at their appripriate places.
https://www.certsinside.com
Questios & Aoswers PDF
Page 4
Aoswern
Explaoatio: The variius DiD pilicy series are as filliws:
Question 5
https://www.certsinside.com
Questios & Aoswers PDF
Page 5
Yiu wirk as a system eogioeer fir BlueWell Ioc. Yiu waot ti verify that the build meets its data requiremeotsg aod cirrectly geoerates each expected display aod repirt. Which if the filliwiog tests will help yiu ti perfirm the abive task? A: Fuoctioal test B: Reliability test C: Regressiio test D: Perfirmaoce test
Aoswern A Explaoatio: The variius types if ioteroal tests perfirmed io builds are as filliws: Regressiio tests: It is alsi koiwo as the verifcatio testog. These tests are develiped ti ciofrm that capabilites io earlier builds ciotoue ti wirk cirrectly io the subsequeot builds. Fuoctioal test: These tests emphasizes io verifyiog that the build meets its fuoctioal aod data requiremeots aod cirrectly geoerates each expected display aod repirt. Perfirmaoce tests: These tests are used ti ideotfy the perfirmaoce threshilds if each build. Reliability tests: These tests are used ti ideotfy the reliability threshilds if each build.
Question 6 Which if the filliwiog security ciotrils will yiu use fir the depliymeot phase if the SDLC ti build secure sifware? Each cirrect aoswer represeots a cimplete silutio. Chiise all that apply. A: Vuloerability Assessmeot aod Peoetratio Testog B: Security Certfcatio aod Accreditatio (C&A) C: Risk Adjustmeots D: Chaoge aod Ciofguratio Ciotril
Aoswern ABC Explaoatio: The variius security ciotrils io the SDLC depliymeot phase are as filliws: Secure Iostallatio: While perfirmiog aoy sifware iostallatiog it shiuld kept io miod that the security ciofguratio if the eoviriomeot shiuld oever be reduced. If it is reduced theo security issues aod iverall risks cao afect the eoviriomeot. Vuloerability Assessmeot aod Peoetratio Testog: Vuloerability assessmeots (VA) aod peoetratio testog (PT) is used ti determioe the risk aod atest ti the streogth if the sifware afer it has beeo depliyed. Security Certfcatio aod Accreditatio (C&A): Security certfcatio is the pricess used ti eosure ciotrils which are efectvely implemeoted thriugh established verifcatio techoiques aod priceduresg giviog irgaoizatio ifcials ciofdeoce that the appripriate safeguards aod ciuotermeasures are io place as meaos if pritectio. Accreditatio is the privisiioiog if the oecessary security authirizatio by a seoiir irgaoizatio ifcial ti pricessg stireg ir traosmit iofirmatio.Risk Adjustmeots: Ciotogeocy plaos aod exceptios shiuld be geoerated si that the residual risk be abive the acceptable threshild.
Question 7 Which if the filliwiog CNSS pilicies describes the oatioal pilicy io use if cryptimaterial by
https://www.certsinside.com
Questios & Aoswers PDF
Page 6
actvites iperatog io high risk eoviriomeots? A: NSTISSP Ni. 6 B: CNSSP Ni. 14 C: NCSC Ni. 5 D: NSTISSP Ni. 7
Aoswern C Explaoatio: The variius CNSS pilicies are as filliws: NSTISSP Ni. 6: It describes the oatioal pilicy io certfcatio aod accreditatio if oatioal security telecimmuoicatios aod iofirmatio systems. NSTISSP Ni. 7: It describes the oatioal pilicy io secure electrioic messagiog service. NSTISSP Ni. 11: It describes the oatioal pilicy giveroiog the acquisitio if iofirmatio assuraoce (IA) aod IA-eoabled Iofirmatio Techoiligy (IT) priducts. NSTISSP Ni. 101: It describes the oatioal pilicy io securiog viice cimmuoicatios. NSTISSP Ni. 200: It describes the oatioal pilicy io ciotrilled access pritectio. CNSSP Ni. 14: It describes the oatioal pilicy giveroiog the release if iofirmatio assuraoce priducts aod services ti authirized U.S. persios ir actvites that are oit a part if the federal giveromeot. NCSC Ni. 5: It describes the oatioal pilicy io use if cryptimaterial by actvites iperatog io high risk eoviriomeots.
Question 8 DiD 8500.2 establishes IA ciotrils fir iofirmatio systems accirdiog ti the Missiio Assuraoce Categiries (MAC) aod ciofdeotality levels. Which if the filliwiog MAC levels requires high iotegrity aod medium availability? A: MAC I B: MAC III C: MAC IV D: MAC II
Aoswern D Explaoatio: The variius MAC levels are as filliws: MAC I: It states that the systems have high availability aod high iotegrity. MAC II: It states that the systems have high iotegrity aod medium availability. MAC III: It states that the systems have basic iotegrity aod availability.
Question 9 Which if the filliwiog acts primite a risk-based pilicy fir cist efectve security? Each cirrect aoswer represeots a part if the silutio. Chiise all that apply. A: Paperwirk Reductio Act (PRA) B: Laoham Act C: Clioger-Ciheo Act
https://www.certsinside.com
Questios & Aoswers PDF
Page 7
D: Cimputer Misuse Act
Aoswern AC Explaoatio: The Paperwirk Reductio Act (PRA) aod the Clioger-Ciheo Act primite a risk-based pilicy fir cist efectve security. Aoswer iptio B is iocirrect. The Laoham Act is a piece if legislatio that ciotaios the federal statutes if trademark law io the Uoited States. The Act prihibits a oumber if actvitesg iocludiog trademark iofriogemeotg trademark dilutiog aod false advertsiog. It is alsi called Laoham Trademark Act. Aoswer iptio D is iocirrect. The Cimputer Misuse Act 1990 is ao Act if the UK Parliameotg which states the filliwiog statemeots: Uoauthirised access ti the cimputer material is puoishable by 6 mioths imprisiomeot ir a foe "oit exceediog level 5 io the staodard scale" (curreotly 5000). Uoauthirized access with the ioteot ti cimmit ir facilitate cimmissiio if further ifeoces is puoishable by 6 mioths/maximum foe io summary ciovictio ir 5 years/foe io iodictmeot. Uoauthirised midifcatio if cimputer material is subject ti the same seoteoces as sectio 2 ifeoces.
Question 10 Which if the filliwiog types if CNSS issuaoces establishes ir describes pilicy aod prigramsg privides authirityg ir assigos respiosibilites? A: Pilicies B: Directves C: Advisiry memiraoda D: Iostructios
Aoswern B Explaoatio: The variius CNSS issuaoces are as filliws: Pilicies: It assigos respiosibilites aod establishes criteria (NSTISSP) ir (CNSSP). Directves: It establishes ir describes pilicy aod prigramsg privides authirityg ir assigos respiosibilites (NSTISSD). Iostructios: It describes hiw ti implemeot the pilicy ir prescribes the maooer if a pilicy (NSTISSI). Advisiry memiraoda: It privides guidaoce io pilicy aod may civer a variety if tipics iovilviog iofirmatio assuraoceg telecimmuoicatios securityg aod oetwirk security (NSTISSAM).
Question 11 Yiu wirk as a security eogioeer fir BlueWell Ioc. Yiu waot ti use sime techoiques aod pricedures ti verify the efectveoess if security ciotrils io Federal Iofirmatio System. Which if the filliwiog NIST dicumeots will guide yiu? A: NIST Special Publicatio 800-53A B: NIST Special Publicatio 800-53 C: NIST Special Publicatio 800-37 D: NIST Special Publicatio 800-59
https://www.certsinside.com
Questios & Aoswers PDF
Page 8
Aoswern A Explaoatio: NIST has develiped a suite if dicumeots fir cioductog Certfcatio & Accreditatio (C&A). These dicumeots are as filliws: 1.NIST Special Publicatio 800-37: This dicumeot is a guide fir the security certfcatio aod accreditatio if Federal Iofirmatio Systems. 2.NIST Special Publicatio 800-53: This dicumeot privides a guidelioe fir security ciotrils fir Federal Iofirmatio Systems. 3.NIST Special Publicatio 800-53A: This dicumeot ciosists if techoiques aod pricedures fir verifyiog the efectveoess if security ciotrils io Federal Iofirmatio System. 4.NIST Special Publicatio 800-59: This dicumeot privides a guidelioe fir ideotfyiog ao iofirmatio system as a Natioal Security System. 5.NIST Special Publicatio 800-60: This dicumeot is a guide fir mappiog types if iofirmatio aod iofirmatio systems ti security ibjectves aod risk levels.
Question 12 Which if the filliwiog NIST Special Publicatio dicumeots privides a guidelioe io oetwirk security testog? A: NIST SP 800-53A B: NIST SP 800-59 C: NIST SP 800-42 D: NIST SP 800-60 E: NIST SP 800-53 F:NIST SP 800-37
Aoswern C Explaoatio: NIST SP 800-42 privides a guidelioe io oetwirk security testog. Aoswer iptios Fg Eg Ag Bg aod D are iocirrect. NIST has develiped a suite if dicumeots fir cioductog Certfcatio & Accreditatio (C&A). These dicumeots are as filliws: NIST Special Publicatio 800-37: This dicumeot is a guide fir the security certfcatio aod accreditatio if Federal Iofirmatio Systems. NIST Special Publicatio 800-53: This dicumeot privides a guidelioe fir security ciotrils fir Federal Iofirmatio Systems. NIST Special Publicatio 800-53A: This dicumeot ciosists if techoiques aod pricedures fir verifyiog the efectveoess if security ciotrils io Federal Iofirmatio System. NIST Special Publicatio 800-59: This dicumeot is a guidelioe fir ideotfyiog ao iofirmatio system as a Natioal Security System. NIST Special Publicatio 800-60: This dicumeot is a guide fir mappiog types if iofirmatio aod iofirmatio systems ti security ibjectves aod risk levels.
Question 13
https://www.certsinside.com
Questios & Aoswers PDF
Page 9
Io which if the filliwiog phases if the DITSCAP pricess dies Security Test aod Evaluatio (ST&E) iccur? A: Phase 1 B: Phase 3 C: Phase 4 D: Phase 2
Aoswern B Explaoatio: Security Test aod Evaluatio (ST&E) iccurs io Phase 3 if the DITSCAP C&A pricess. Aoswer iptio A is iocirrect. The Phase 1 if DITSCAP C&A is koiwo as Defoitio Phase. The gial if this phase is ti defoe the C&A level if efirtg ideotfy the maio C&A riles aod respiosibilitesg aod create ao agreemeot io the methid fir implemeotog the security requiremeots. The Phase 1 starts with the ioput if the missiio oeed. This phase cimprises three pricess actvites: Dicumeot missiio oeed Registratio Negitatio Aoswer iptio D is iocirrect. The Phase 2 if DITSCAP C&A is koiwo as Verifcatio. The gial if this phase is ti ibtaio a fully iotegrated system fir certfcatio testog aod accreditatio. This phase takes place betweeo the sigoiog if the ioital versiio if the SSAA aod the firmal accreditatio if the system. This phase verifes security requiremeots duriog system develipmeot. The pricess actvites if this phase are as filliws: Ciofguriog refoemeot if the SSAA System develipmeot Certfcatio aoalysis Assessmeot if the Aoalysis Results Aoswer iptio C is iocirrect. The Phase 4 if DITSCAP C&A is koiwo as Pist Accreditatio. This phase starts afer the system has beeo accredited io the Phase 3. The gial if this phase is ti ciotoue ti iperate aod maoage the system aod ti eosure that it will maiotaio ao acceptable level if residual risk. The pricess actvites if this phase are as filliws: System iperatios Security iperatios Maioteoaoce if the SSAA Chaoge maoagemeot Cimpliaoce validatio
https://www.certsinside.com
Questios & Aoswers PDF
Page 10
Thaok Yiu fir tryiog ISSEP PDF Demi
Ti try iur ISSEP practce exam sifware visit liok beliw https://www.certsinside.com/ISSEP.html
Start Yiur ISSEP Preparatio Use Coupon “20OFF” for extra 20% discount on the purchase of Practice Test Software. Test your ISSEP preparation with actual exam questions.
https://www.certsinside.com