Free CISSP-ISSEP Practice Test

Prepare smarter for your CISSP-ISSEP exam with our free, accurate, and 2025-updated questions.

At Cert Empire, we are committed to providing the best and latest exam questions to students preparing for the ISC2 CISSP-ISSEP exam. To help students prepare better, we have made sections of our CISSP-ISSEP exam preparation resources free for all. You can practice as much as you like with the Free CISSP-ISSEP Practice Test.

ISC2 CISSP-ISSEP Free Exam Questions

Disclaimer

Please note that the demo questions are not frequently updated. You may also find them in open communities around the web. However, this demo is only meant to show what sort of questions you may find in our original files.

Nonetheless, the premium exam dumps files are frequently updated and are based on the latest exam syllabus and real exam questions.

1 / 60

Stella works as a system engineer for BlueWell Inc. She wants to identify the performance thresholds of each build. Which of the following tests will help Stella to achieve her task?

2 / 60

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

3 / 60

SIMULATION -
Fill in the blank with the appropriate phrase. __________ provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).

4 / 60

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

5 / 60

SIMULATION -
Fill in the blank with an appropriate word. _______ has the goal to securely interconnect people and systems independent of time or location.

6 / 60

Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completeness of the relationship?

7 / 60

Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism?

8 / 60

Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of the DoD information systems and networks?

9 / 60

Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?

10 / 60

SIMULATION -
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.

11 / 60

Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling of computer systems through the Internet?

12 / 60

You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed?

13 / 60

Which of the following processes illustrate the study of a technical nature of interest to a focused audience, and consist of interim or final reports on work made by NIST for external sponsors, including government and non-government sponsors?

14 / 60

You work as a Network Administrator for PassGuide Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security?

15 / 60

SIMULATION -
Fill in the blank with an appropriate phrase. __________ seeks to improve the quality of process outputs by identifying and removing the causes of defects and variability in manufacturing and business processes.

16 / 60

You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram?

17 / 60

Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

18 / 60

You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well-defined phases. In which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur?

19 / 60

Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

20 / 60

Which of the following memorandums reminds the Federal agencies that it is required by law and policy to establish clear privacy policies for Web activities and to comply with those policies?

21 / 60

SIMULATION -
Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.

22 / 60

Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?

23 / 60

You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition process?

24 / 60

Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business related information available today?

25 / 60

Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?

26 / 60

In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls?

27 / 60

Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?

28 / 60

Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming to fruition. What individual should respond to the risk with the preplanned risk response?

29 / 60

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

30 / 60

Which of the following protocols is built in the Web server and browser to encrypt data traveling over the Internet?

31 / 60

Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?

32 / 60

Which of the following email lists is written for the technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk?

33 / 60

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

34 / 60

Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

35 / 60

Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space?

36 / 60

Which of the following protocols is used to establish a secure terminal to a remote network device?

37 / 60

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

38 / 60

Which of the following is a type of security management for computers and networks in order to identify security breaches?

39 / 60

Which of the following federal laws is designed to protect computer data from theft?

40 / 60

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

41 / 60

Which of the following assessment methodologies defines a six-step technical security evaluation?

42 / 60

Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure?

43 / 60

Which of the following policies describes the national policy on the secure electronic messaging service?

44 / 60

You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?

45 / 60

Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that consists of, or is exclusively comprised of, contractors?

46 / 60

Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?

47 / 60

Which of the following refers to a process that is used for implementing information security?

48 / 60

You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems?

49 / 60

Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented?

50 / 60

Which of the following statements is true about residual risks?

51 / 60

Which of the following Registration Tasks sets up the business or operational functional description and system identification?

52 / 60

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability?

53 / 60

Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?

54 / 60

Which of the following tasks obtains the customer agreement in planning the technical effort?

55 / 60

Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

56 / 60

Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?

57 / 60

Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system?

58 / 60

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

59 / 60

Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter?

60 / 60

Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?
