Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?
A. Certification and accreditation (C&A)
B. Risk Management
C. Information systems security engineering (ISSE)
D. Information Assurance (IA)
Which of the following email lists is written for technical audiences and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk?
A. Cyber Security Tip
B. Cyber Security Alert
C. Cyber Security Bulletin
D. Technical Cyber Security Alert
Which of the following documents were developed by NIST for conducting Certification and Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.
A. NIST Special Publication 800-59
B. NIST Special Publication 800-60
C. NIST Special Publication 800-37A
D. NIST Special Publication 800-37
E. NIST Special Publication 800-53
F. NIST Special Publication 800-53A
Which of the following principles are defined by the IATF model? Each correct answer represents a complete solution. Choose all that apply.
A. The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.
B. The problem space is defined by the customer's mission or business needs.
C. The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.
D. Always keep the problem and solution spaces separate.
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?
A. Phase 1, Definition
B. Phase 3, Validation
C. Phase 4, Post Accreditation Phase
D. Phase 2, Verification
Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation?
A. Computer Fraud and Abuse Act
B. Government Information Security Reform Act (GISRA)
C. Federal Information Security Management Act (FISMA)
D. Computer Security Act
Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data? Each correct answer represents a complete solution. Choose all that apply.
A. Understandability
B. Visibility
C. Interoperability
D. Accessibility
Which of the following CNSS policies describes the national policy on the use of cryptomaterial by activities operating in high risk environments?
A. CNSSP No. 14
B. NCSC No. 5
C. NSTISSP No. 6
D. NSTISSP No. 7
Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?
A. NSTISSP No. 11
B. NSTISSP No. 101
C. NSTISSP No. 7
D. NSTISSP No. 6
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or tool accepted by the National Security Agency for protecting classified information?
A. Type III cryptography
B. Type III (E) cryptography
C. Type II cryptography
D. Type I cryptography