
ISSEP Questions and Answers

Question # 6

Which of the following federal laws are related to hacking activities? Each correct answer represents a complete solution. Choose three.

A. 18 U.S.C. 1030
B. 18 U.S.C. 1029
C. 18 U.S.C. 2510
D. 18 U.S.C. 1028

Question # 7

Fill in the blank with an appropriate phrase. A ________ is an approved build of the product, and can be a single component or a combination of components.

A. development baseline

Question # 8

Choose and reorder the security certification document tasks.

A.

Question # 9

Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?

A. ISO 9001:2000
B. Benchmarking
C. SEI-CMM
D. Six Sigma

Question # 10

Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

A. Assessment of the Analysis Results
B. Certification analysis
C. Registration
D. System development
E. Configuring refinement of the SSAA

Question # 11

Which of the following areas of an information system, as separated by the Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy?

A. Networks and Infrastructures
B. Supporting Infrastructures
C. Enclave Boundaries
D. Local Computing Environments

Question # 12

According to which of the following DoD policies is the implementation of DITSCAP mandatory for all systems that process both DoD classified and unclassified information?

A. DoD 8500.2
B. DoDI 5200.40
C. DoD 8510.1-M DITSCAP
D. DoD 8500.1 (IAW)

Question # 13

Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct support to joint warfighters, National level leaders, and other mission and coalition partners across the full spectrum of operations?

A. DARPA
B. DTIC
C. DISA
D. DIAP

Question # 14

Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure?

A. Manufacturing Extension Partnership
B. NIST Laboratories
C. Baldrige National Quality Program
D. Advanced Technology Program

Question # 15

What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.

A. Basic System Review
B. Basic Security Review
C. Maximum Analysis
D. Comprehensive Analysis
E. Detailed Analysis
F. Minimum Analysis

Question # 16

Which of the following are the most important tasks of the Information Management Plan (IMP)? Each correct answer represents a complete solution. Choose all that apply.

A. Define the Information Protection Policy (IPP).
B. Define the System Security Requirements.
C. Define the mission need.
D. Identify how the organization manages its information.

Question # 17

Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?

A. System Owner
B. Information Systems Security Officer (ISSO)
C. Designated Approving Authority (DAA)
D. Chief Information Security Officer (CISO)

Question # 18

Which of the following memorandums directs the Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing so?

A. OMB M-99-18
B. OMB M-00-13
C. OMB M-03-19
D. OMB M-00-07

Question # 19

You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirements are that your solution must use the RSA algorithm. Which of the following is your best choice?

A. PGP
B. S/MIME
C. DES
D. Blowfish

Question # 20

Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business related information available today?

A. DISA
B. DIAP
C. DTIC
D. DARPA

Question # 21

Which of the following terms describes the measures that protect and support information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

A. Information Systems Security Engineering (ISSE)
B. Information Protection Policy (IPP)
C. Information systems security (InfoSec)
D. Information Assurance (IA)

Question # 22

Which of the following rated systems of the Orange Book has mandatory protection of the TCB?

A. C-rated
B. B-rated
C. D-rated
D. A-rated

Question # 23

Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed?

A. Security Control Assessment Task 3
B. Security Control Assessment Task 1
C. Security Control Assessment Task 4
D. Security Control Assessment Task 2

Question # 24

Which of the following certification levels requires the completion of the minimum security checklist, and the system user or an independent certifier can complete the checklist?

A. CL 2
B. CL 3
C. CL 1
D. CL 4

Question # 25

The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series? Each correct answer represents a complete solution. Choose all that apply.

A. Providing IA Certification and Accreditation
B. Providing command and control and situational awareness
C. Defending systems
D. Protecting information

Question # 26

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

A. Office of Management and Budget (OMB)
B. NIST
C. FISMA
D. FIPS

Question # 27

Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

A. Chief Information Officer
B. Authorizing Official
C. Common Control Provider
D. Senior Agency Information Security Officer

Question # 28

Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?

A. Computer Misuse Act
B. Clinger-Cohen Act
C. ISG
D. Lanham Act

Question # 29

Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?

A. Lanham Act
B. FISMA
C. Computer Fraud and Abuse Act
D. Computer Misuse Act

Question # 30

Which of the following Registration Tasks sets up the business or operational functional description and system identification?

A. Registration Task 2
B. Registration Task 1
C. Registration Task 3
D. Registration Task 4

Question # 31

Fill in the blank with an appropriate phrase. __________ seeks to improve the quality of process outputs by identifying and removing the causes of defects and variability in manufacturing and business processes.

A. Six Sigma

Question # 32

You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well-defined phases. In which of the following phases of the NIST SP 800-37 C&A methodology does the security categorization occur?

A. Continuous Monitoring
B. Initiation
C. Security Certification
D. Security Accreditation