certkiller.cissp-issep - gratis exam · 2015-03-12 · question 14 which of the following...


Certkiller.CISSP-ISSEP.213q

Number: CISSP-ISSEP
Passing Score: 800
Time Limit: 120 min
File Version: 5.2

http://www.gratisexam.com/

ISSEP: Information Systems Security Engineering Professional

Still valid, hurry up guys, study and pass this one. Many new questions are added, good for review, go ahead and pass the exam now. 100% valid in US, UK, Australia, India and Emirates. All my friends in group have these same questions. ALHUMDULILLAH I have passed the exam with 986/1000 today. These dumps are 95% valid. Thanx a lot. Awesome work, thanks for creating easiness for us people.


Exam A

QUESTION 1
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

A. Level 4
B. Level 5
C. Level 1
D. Level 2
E. Level 3

Correct Answer: A
Section: (none)
Explanation/Reference: answer is right.

QUESTION 2
Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

A. Chief Information Officer
B. Authorizing Official
C. Common Control Provider
D. Senior Agency Information Security Officer

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 3
Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

A. Certification and accreditation (C&A)
B. Risk Management
C. Information systems security engineering (ISSE)
D. Information Assurance (IA)

Correct Answer: A
Section: (none)
Explanation/Reference: updated.

QUESTION 4
The Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

A. Security operations
B. Continue to review and refine the SSAA
C. Change management
D. Compliance validation
E. System operations
F. Maintenance of the SSAA

Correct Answer: ACDEF
Section: (none)
Explanation/Reference: Answer: E,A,F,C,D

QUESTION 5
Which of the following email lists is written for technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk?

A. Cyber Security Tip
B. Cyber Security Alert
C. Cyber Security Bulletin
D. Technical Cyber Security Alert

Correct Answer: C
Section: (none)
Explanation/Reference: given answer is right.

QUESTION 6
Which of the following tasks obtains the customer agreement in planning the technical effort?

A. Task 9
B. Task 11
C. Task 8
D. Task 10

Correct Answer: B
Section: (none)
Explanation/Reference: updated.

QUESTION 7
Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.

A. NIST Special Publication 800-59
B. NIST Special Publication 800-60
C. NIST Special Publication 800-37A
D. NIST Special Publication 800-37
E. NIST Special Publication 800-53
F. NIST Special Publication 800-53A

Correct Answer: ABDEF
Section: (none)
Explanation/Reference: Answer: D,E,F,A,B

QUESTION 8
Which of the following elements are described by the functional requirements task? Each correct answer represents a complete solution. Choose all that apply.

A. Coverage
B. Accuracy
C. Quality
D. Quantity

Correct Answer: ACD
Section: (none)
Explanation/Reference: updated.

QUESTION 9
Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?

A. Information Protection Policy (IPP)
B. IMM
C. System Security Context
D. CONOPS

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 10
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability?

A. MAC I
B. MAC II
C. MAC IV
D. MAC III

Correct Answer: D
Section: (none)
Explanation/Reference:


QUESTION 11
What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.

A. Integrates security considerations into application and system purchasing decisions and development projects.
B. Ensures that the necessary security controls are in place.
C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

Correct Answer: ACD
Section: (none)
Explanation/Reference: absolutely fine.

QUESTION 12
Which of the following Registration Tasks sets up the business or operational functional description and system identification?

A. Registration Task 2
B. Registration Task 1
C. Registration Task 3
D. Registration Task 4

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 13
Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?

A. National Security Agency/Central Security Service (NSA/CSS)
B. National Institute of Standards and Technology (NIST)
C. United States Congress
D. Committee on National Security Systems (CNSS)

Correct Answer: D
Section: (none)
Explanation/Reference:


QUESTION 14
Which of the following statements is true about residual risks?

A. It can be considered as an indicator of threats coupled with vulnerability.
B. It is a weakness or lack of safeguard that can be exploited by a threat.
C. It is the probabilistic risk after implementing all security measures.
D. It is the probabilistic risk before implementing all security measures.

Correct Answer: C
Section: (none)
Explanation/Reference: answer is perfect.

QUESTION 15
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

A. DC Security Design & Configuration
B. EC Enclave and Computing Environment
C. VI Vulnerability and Incident Management
D. Information systems acquisition, development, and maintenance

Correct Answer: ABC
Section: (none)
Explanation/Reference: great answer.

QUESTION 16
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Correct Answer: BC
Section: (none)
Explanation/Reference: true.

QUESTION 17
Which of the following protocols is built into the Web server and browser to encrypt data traveling over the Internet?

A. UDP
B. SSL
C. IPSec
D. HTTP

Correct Answer: B
Section: (none)
Explanation/Reference: right answer.

QUESTION 18
Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented?

A. Configuration verification and audit
B. Configuration control
C. Configuration status accounting
D. Configuration identification

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 19
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

A. Develop DIACAP strategy.
B. Initiate IA implementation plan.
C. Conduct validation activity.
D. Assemble DIACAP team.
E. Register system with DoD Component IA Program.
F. Assign IA controls.

Correct Answer: ABDEF
Section: (none)
Explanation/Reference: Answer: E,F,D,A,B

QUESTION 20
You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems?

A. NIST Special Publication 800-59
B. NIST Special Publication 800-37
C. NIST Special Publication 800-60
D. NIST Special Publication 800-53

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 21
Which of the following documents is described in the statement below? It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.

A. Risk management plan
B. Project charter
C. Quality management plan
D. Risk register

Correct Answer: D
Section: (none)
Explanation/Reference: updated.

QUESTION 22
Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming into fruition. What individual should respond to the risk with the preplanned risk response?

A. Project sponsor
B. Risk owner
C. Diane
D. Subject matter expert

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 23
Which of the following refers to a process that is used for implementing information security?

A. Classic information security model
B. Certification and Accreditation (C&A)
C. Information Assurance (IA)
D. Five Pillars model

Correct Answer: B
Section: (none)
Explanation/Reference: updated.

QUESTION 24
In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47 do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls?

A. Establishing the interconnection
B. Planning the interconnection
C. Disconnecting the interconnection
D. Maintaining the interconnection

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 25
Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?

A. ISO 9001:2000
B. Benchmarking
C. SEI-CMM
D. Six Sigma

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 26
Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?

A. System Security Context
B. Information Protection Policy (IPP)
C. CONOPS
D. IMM

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 27
Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer represents a complete solution. Choose all that apply.

A. It identifies the information protection problems that need to be solved.
B. It allocates security mechanisms to system security design elements.
C. It identifies custom security products.
D. It identifies candidate commercial off-the-shelf (COTS)/government off-the-shelf (GOTS) security products.

Correct Answer: BDC
Section: (none)
Explanation/Reference:

QUESTION 28
Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that consists of, or is exclusively composed of, contractors?

A. Quality Assurance Manager
B. Senior Analyst
C. System Owner
D. Federal program manager

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 29
Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business related information available today?

A. DISA
B. DIAP
C. DTIC
D. DARPA

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 30
You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?

A. Functional test
B. Reliability test
C. Performance test
D. Regression test

Correct Answer: A
Section: (none)
Explanation/Reference: nice.


QUESTION 31
You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition process?

A. Configuration management plan
B. Transition plan
C. Systems engineering management plan (SEMP)
D. Acquisition plan

Correct Answer: B
Section: (none)
Explanation/Reference: Best answer.

QUESTION 32
Which of the following policies describes the national policy on the secure electronic messaging service?

A. NSTISSP No. 11
B. NSTISSP No. 7
C. NSTISSP No. 6
D. NSTISSP No. 101

Correct Answer: B
Section: (none)
Explanation/Reference: suitable answer.

QUESTION 33
Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?

A. Computer Misuse Act
B. Clinger-Cohen Act
C. ISG
D. Lanham Act

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 34
Which of the following principles are defined by the IATF model? Each correct answer represents a complete solution. Choose all that apply.

A. The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.
B. The problem space is defined by the customer's mission or business needs.
C. The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.
D. Always keep the problem and solution spaces separate.

Correct Answer: BCD
Section: (none)
Explanation/Reference: updated.

QUESTION 35
Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure?

A. Manufacturing Extension Partnership
B. NIST Laboratories
C. Baldrige National Quality Program
D. Advanced Technology Program

Correct Answer: B
Section: (none)
Explanation/Reference: exact answer.

QUESTION 36
Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?

A. System Owner
B. Information Systems Security Officer (ISSO)
C. Designated Approving Authority (DAA)
D. Chief Information Security Officer (CISO)

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 37
Which of the following assessment methodologies defines a six-step technical security evaluation?

A. FITSAF
B. OCTAVE
C. FIPS 102
D. DITSCAP

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 38
What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

A. Conduct activities related to the disposition of the system data and objects.
B. Combine validation results in DIACAP scorecard.
C. Conduct validation activities.
D. Execute and update IA implementation plan.

Correct Answer: DCB
Section: (none)
Explanation/Reference:

QUESTION 39
Which of the following memorandums reminds the Federal agencies that it is required by law and policy to establish clear privacy policies for Web activities and to comply with those policies?

A. OMB M-01-08
B. OMB M-03-19
C. OMB M-00-07
D. OMB M-00-13

Correct Answer: D
Section: (none)
Explanation/Reference: fine.

QUESTION 40
Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

A. The level of detail must define exactly the risk response for each identified risk.
B. The level of detail is set of project risk governance.
C. The level of detail is set by historical information.
D. The level of detail should correspond with the priority ranking.

Correct Answer: D
Section: (none)
Explanation/Reference: applicable answer.

QUESTION 41
You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well defined phases. In which of the following phases of the NIST SP 800-37 C&A methodology does the security categorization occur?

A. Continuous Monitoring
B. Initiation
C. Security Certification
D. Security Accreditation

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 42
You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram?

A. Activity diagram
B. Functional flow block diagram (FFBD)
C. Functional hierarchy diagram
D. Timeline analysis diagram

Correct Answer: C
Section: (none)
Explanation/Reference: fit.

QUESTION 43
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

A. Phase 1, Definition
B. Phase 3, Validation
C. Phase 4, Post Accreditation Phase
D. Phase 2, Verification

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 44
Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed?

A. Security Control Assessment Task 3
B. Security Control Assessment Task 1
C. Security Control Assessment Task 4
D. Security Control Assessment Task 2

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 45
The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

A. Assessment of the Analysis Results
B. Certification analysis
C. Registration
D. System development
E. Configuring refinement of the SSAA

Correct Answer: EDBA
Section: (none)
Explanation/Reference:

QUESTION 46
You work as a Network Administrator for PassGuide Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security?

A. HTTP
B. VPN
C. S/MIME
D. SSL

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 47
Which of the following publications presents studies of a technical nature of interest to a focused audience, and consists of interim or final reports on work performed by NIST for external sponsors, including government and non-government sponsors?

A. Federal Information Processing Standards (FIPS)
B. Special Publication (SP)
C. NISTIRs (Internal Reports)
D. DIACAP

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 48
You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed?

A. Define system security architecture
B. Develop detailed security design
C. Discover information protection needs
D. Define system security requirements

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 49
TQM recognizes that the quality of all the processes within an organization contributes to the quality of the product. Which of the following are the most important activities in Total Quality Management? Each correct answer represents a complete solution. Choose all that apply.

A. Quality renewal
B. Maintenance of quality
C. Quality costs
D. Quality improvements

Correct Answer: BDA
Section: (none)
Explanation/Reference:

QUESTION 50
Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling of computer systems through the Internet?

A. DAS
B. IDS
C. ACL
D. IPsec

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 51
Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism?

A. Internet Key Exchange (IKE) Protocol
B. S/MIME
C. Internet Protocol Security (IPSec)
D. Secure Socket Layer (SSL)

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 52
Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of the DoD information systems and networks?

A. DoD 8500.1 Information Assurance (IA)
B. DoDI 5200.40
C. DoD 8510.1-M DITSCAP
D. DoD 8500.2 Information Assurance Implementation

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 53
Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completeness of the relationship?

A. FIPS 200
B. NIST SP 800-50
C. Traceability matrix
D. FIPS 199

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 54
The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
B. An ISSE provides advice on the impacts of system changes.
C. An ISSE provides advice on the continuous monitoring of the information system.
D. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
E. An ISSO takes part in the development activities that are required to implement system changes.

Correct Answer: DBC
Section: (none)
Explanation/Reference:

QUESTION 55
Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?

A. Configuration Identification
B. Configuration Verification and Audit
C. Configuration Status and Accounting
D. Configuration Control

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 56
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

A. SSAA
B. FITSAF
C. FIPS
D. TCSEC

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 57
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

A. Risk acceptance
B. Risk mitigation
C. Risk avoidance
D. Risk transfer

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 58
Which of the following responsibilities are executed by the federal program manager?

A. Ensure justification of expenditures and investment in systems engineering activities.
B. Coordinate activities to obtain funding.
C. Review project deliverables.
D. Review and approve project plans.

Correct Answer: ABD
Section: (none)
Explanation/Reference:

QUESTION 59
Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Right-Up Approach
B. Left-Up Approach
C. Bottom-Up Approach
D. Top-Down Approach

Correct Answer: DC
Section: (none)
Explanation/Reference:

QUESTION 60
Which of the following acts promote a risk-based policy for cost effective security? Each correct answer represents a part of the solution. Choose all that apply.

A. Clinger-Cohen Act
B. Lanham Act
C. Paperwork Reduction Act (PRA)
D. Computer Misuse Act

Correct Answer: AC
Section: (none)
Explanation/Reference:

QUESTION 61
Which of the following tasks prepares the technical management plan in planning the technical effort?

A. Task 10
B. Task 9
C. Task 7
D. Task 8

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 62
Which of the following NIST Special Publication documents provides a guideline on network security testing?

A. NIST SP 800-60
B. NIST SP 800-37
C. NIST SP 800-59
D. NIST SP 800-42
E. NIST SP 800-53A
F. NIST SP 800-53

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 63
Which of the following agencies is responsible for funding the development of many technologies such as computer networking, as well as NLS?

A. DARPA
B. DTIC
C. DISA
D. DIAP

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 64
Which of the following organizations is a USG initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers?

A. NSA
B. NIST
C. CNSS
D. NIAP

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 65
Risk transference refers to the transfer of risks to a third party, usually for a fee; it creates a contractual relationship for the third party to manage the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?

A. Warranties
B. Performance bonds
C. Use of insurance
D. Life cycle costing

Correct Answer: D
Section: (none)
Explanation/Reference:


QUESTION 66You work as a security engineer for BlueWell Inc. According to you, which of the followingDITSCAPNIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacysystem

A. Post AccreditationB. DefinitionC. VerificationD. Validation

Correct Answer: BSection: (none)Explanation

Explanation/Reference:

QUESTION 67
According to which of the following DoD policies is the implementation of DITSCAP mandatory for all the systems that process both DoD classified and unclassified information?

A. DoD 8500.2
B. DoDI 5200.40
C. DoD 8510.1-M DITSCAP
D. DoD 8500.1 (IAW)

Correct Answer: D

QUESTION 68
Which of the following federal laws are related to hacking activities? Each correct answer represents a complete solution. Choose three.

A. 18 U.S.C. 1030
B. 18 U.S.C. 1029
C. 18 U.S.C. 2510
D. 18 U.S.C. 1028

Correct Answer: CBA

QUESTION 69
Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A support?

A. Registration Task 4
B. Registration Task 1
C. Registration Task 3
D. Registration Task 2

Correct Answer: D

QUESTION 70
Which of the following are the most important tasks of the Information Management Plan (IMP)? Each correct answer represents a complete solution. Choose all that apply.

A. Define the Information Protection Policy (IPP).
B. Define the System Security Requirements.
C. Define the mission need.
D. Identify how the organization manages its information.

Correct Answer: CDA

QUESTION 71
FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

A. Moderate
B. Medium
C. High
D. Low

Correct Answer: D

QUESTION 72
The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as change management approval processes?

A. Section 3.1.8
B. Section 3.1.9
C. Section 3.1.5
D. Section 3.1.7

Correct Answer: B

QUESTION 73
Which of the following departments protects and supports DoD information, information systems, and information networks that are critical to the department and the armed forces during day-to-day operations, and in time of crisis?

A. DIAP
B. DARPA
C. DTIC
D. DISA

Correct Answer: A

QUESTION 74
Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?

A. DTIC
B. NSA IAD
C. DIAP
D. DARPA

Correct Answer: B

QUESTION 75
Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation?

A. Computer Fraud and Abuse Act
B. Government Information Security Reform Act (GISRA)
C. Federal Information Security Management Act (FISMA)
D. Computer Security Act

Correct Answer: B

QUESTION 76
Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

A. Phase 3
B. Phase 2
C. Phase 4
D. Phase 1

Correct Answer: B

QUESTION 77
Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

A. SSAA
B. TCSEC
C. FIPS
D. FITSAF

Correct Answer: B

QUESTION 78
What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.

A. Basic System Review
B. Basic Security Review
C. Maximum Analysis
D. Comprehensive Analysis
E. Detailed Analysis
F. Minimum Analysis

Correct Answer: BFED

QUESTION 79
NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

A. Abbreviated
B. Significant
C. Substantial
D. Comprehensive

Correct Answer: A

QUESTION 80
Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events, but management wants you to do more. They would like you to create some type of chart that identifies the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

A. Risk response plan
B. Quantitative analysis
C. Risk response
D. Contingency reserve

Correct Answer: D

QUESTION 81
Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

A. ASSET
B. NSA-IAM
C. NIACAP
D. DITSCAP

Correct Answer: C

QUESTION 82
Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?

A. Definition, Validation, Verification, and Post Accreditation
B. Verification, Definition, Validation, and Post Accreditation
C. Verification, Validation, Definition, and Post Accreditation
D. Definition, Verification, Validation, and Post Accreditation

Correct Answer: D

QUESTION 83
Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?

A. National Institute of Standards and Technology (NIST)
B. National Security Agency (NSA)
C. Committee on National Security Systems (CNSS)
D. United States Congress

Correct Answer: A

QUESTION 84
Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Choose all that apply.

A. Organization of information security
B. Human resources security
C. Risk assessment and treatment
D. AU audit and accountability

Correct Answer: ABC

QUESTION 85
Which of the following certification levels requires the completion of the minimum security checklist, and the system user or an independent certifier can complete the checklist?

A. CL 2
B. CL 3
C. CL 1
D. CL 4

Correct Answer: C

QUESTION 86
Which of the following cooperative programs carried out by NIST provides a nationwide network of local centers offering technical and business assistance to small manufacturers?

A. NIST Laboratories
B. Advanced Technology Program
C. Manufacturing Extension Partnership
D. Baldrige National Quality Program

Correct Answer: C

QUESTION 87
Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

A. DoD 5200.22-M
B. DoD 8910.1
C. DoD 5200.40
D. DoD 8000.1

Correct Answer: C

QUESTION 88
You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process?

A. Design information systems that will meet the certification and accreditation documentation.
B. Identify the information protection needs.
C. Ensure information systems are designed and developed with functional relevance.
D. Instruct systems engineers on availability, integrity, and confidentiality.

Correct Answer: B

QUESTION 89
Which of the following is NOT an objective of the security program?

A. Security education
B. Information classification
C. Security organization
D. Security plan

Correct Answer: D

QUESTION 90
The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
B. Preserving high-level communications and working group relationships in an organization
C. Establishing an effective continuous monitoring program for the organization
D. Facilitating the sharing of security risk-related information among authorizing officials

Correct Answer: CBA

QUESTION 91
Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?

A. IATO
B. DATO
C. ATO
D. IATT

Correct Answer: A

QUESTION 92
Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected?

A. Develop detailed security design
B. Define system security requirements
C. Discover information protection needs
D. Define system security architecture

Correct Answer: C

QUESTION 93
Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data? Each correct answer represents a complete solution. Choose all that apply.

A. Understandability
B. Visibility
C. Interoperability
D. Accessibility

Correct Answer: BD

QUESTION 94
Which of the following acts assigns the Chief Information Officers (CIO) with the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)?

A. Paperwork Reduction Act
B. Computer Misuse Act
C. Lanham Act
D. Clinger Cohen Act

Correct Answer: D

QUESTION 95
Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy?

A. Advisory memoranda
B. Instructions
C. Policies
D. Directives

Correct Answer: B

QUESTION 96
The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in CONOPS? Each correct answer represents a complete solution. Choose all that apply.

A. Strategies, tactics, policies, and constraints affecting the system
B. Organizations, activities, and interactions among participants and stakeholders
C. Statement of the structure of the system
D. Clear statement of responsibilities and authorities delegated
E. Statement of the goals and objectives of the system

Correct Answer: EABD

QUESTION 97
Which of the following processes describes the elements such as quantity, quality, coverage, timelines, and availability, and categorizes the different functions that the system will need to perform in order to gather the documented mission/business needs?

A. Functional requirements
B. Operational scenarios
C. Human factors
D. Performance requirements

Correct Answer: A

QUESTION 98
Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels?

A. DoD 8500.1 Information Assurance (IA)
B. DoD 8500.2 Information Assurance Implementation
C. DoDI 5200.40
D. DoD 8510.1-M DITSCAP

Correct Answer: B

QUESTION 99
Which of the following tasks describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully?

A. Identify Roles and Responsibilities
B. Develop Project Schedule
C. Identify Resources and Availability
D. Estimate project scope

Correct Answer: D

QUESTION 100
System Authorization is the risk management process. The System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of the System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

A. Certification
B. Authorization
C. Post-certification
D. Post-Authorization
E. Pre-certification

Correct Answer: EABD

QUESTION 101
Which of the following CNSS policies describes the national policy on securing voice communications?

A. NSTISSP No. 6
B. NSTISSP No. 7
C. NSTISSP No. 101
D. NSTISSP No. 200

Correct Answer: C

QUESTION 102
Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?

A. Initiation
B. Security Certification
C. Continuous Monitoring
D. Security Accreditation

Correct Answer: D

QUESTION 103
Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

A. Auditing
B. Initiation
C. Continuous Monitoring
D. Detection

Correct Answer: BC

QUESTION 104
Which of the following DITSCAP/NIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase?

A. Verification
B. Validation
C. Post accreditation
D. Definition

Correct Answer: A

QUESTION 105
Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

A. PGP
B. S/MIME
C. TLS
D. IPSec

Correct Answer: AB

QUESTION 106
Which of the following memorandums directs the Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing it?

A. OMB M-99-18
B. OMB M-00-13
C. OMB M-03-19
D. OMB M-00-07

Correct Answer: A

QUESTION 107
Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system?

A. Process specification
B. Product specification
C. Development specification
D. System specification

Correct Answer: D

QUESTION 108
You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirements are that your solution must use the RSA algorithm. Which of the following is your best choice?

A. PGP
B. S/MIME
C. DES
D. Blowfish

Correct Answer: B
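The point behind questions 105 and 108 is that S/MIME (and PGP) use RSA only to wrap a per-message symmetric key; the attachment itself is encrypted with a symmetric cipher, because RSA cannot encrypt more than a couple of hundred bytes per operation. The following Go program is an added illustration of that hybrid envelope and is not part of the exam dump or of any S/MIME implementation. It uses only the Go standard library; the envelope structure, the AES-256-GCM choice and the sample attachment are constructed for the example (real S/MIME EnvelopedData is CMS/ASN.1 and carries one wrapped key per recipient).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is a simplified S/MIME-style EnvelopedData: the attachment is
// encrypted under a fresh symmetric content-encryption key (CEK) and only
// the CEK is wrapped with the recipient's RSA public key.
type Envelope struct {
	WrappedCEK []byte // RSA-OAEP(CEK); real S/MIME carries one per recipient
	Nonce      []byte // 96-bit AES-GCM nonce, unique per CEK
	Ciphertext []byte // AES-256-GCM ciphertext with the 16-byte tag appended
}

// Seal encrypts attachment for the holder of pub.
func Seal(pub *rsa.PublicKey, attachment []byte) (*Envelope, error) {
	cek := make([]byte, 32) // AES-256 key, generated fresh for every message
	if _, err := rand.Read(cek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, attachment, nil)
	// Only the 32-byte CEK goes through RSA; this is the step the
	// attachment itself cannot pass (see DirectRSA below).
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedCEK: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open unwraps the CEK with priv, then authenticates and decrypts the body.
// Any modification of nonce, ciphertext or tag makes gcm.Open return an error.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedCEK, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// DirectRSA tries to RSA-OAEP-encrypt msg with no envelope. It succeeds only
// while len(msg) <= k - 2*hLen - 2 (190 bytes for a 2048-bit key with SHA-256),
// which is why RSA alone cannot encrypt a typical attachment.
func DirectRSA(pub *rsa.PublicKey, msg []byte) error {
	_, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	return err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // recipient key pair (constructed)
	if err != nil {
		panic(err)
	}
	// Constructed sample attachment, ~17 KB, far beyond what RSA-OAEP accepts.
	attachment := bytes.Repeat([]byte("quarterly report v2\n"), 850)

	fmt.Println("direct RSA on the attachment:", DirectRSA(&priv.PublicKey, attachment))

	env, err := Seal(&priv.PublicKey, attachment)
	if err != nil {
		panic(err)
	}
	plain, err := Open(priv, env)
	fmt.Println("envelope round trip ok:", err == nil && bytes.Equal(plain, attachment))

	env.Ciphertext[0] ^= 0x01 // tamper with one byte in transit
	_, err = Open(priv, env)
	fmt.Println("tampered envelope rejected:", err != nil)
}
```

Running it shows the three behaviours the exam answer relies on: RSA-OAEP refuses the 17 KB attachment outright, the envelope round-trips it through a single RSA operation on the 32-byte key, and the authenticated symmetric layer rejects a modified ciphertext instead of returning garbage.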

QUESTION 109
Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?

A. Trusted computing base (TCB)
B. Common data security architecture (CDSA)
C. Internet Protocol Security (IPSec)
D. Application program interface (API)

Correct Answer: A

QUESTION 110
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.

A. What is being secured
B. Who is expected to comply with the policy
C. Where is the vulnerability, threat, or risk
D. Who is expected to exploit the vulnerability

Correct Answer: ABC

QUESTION 111
Which of the following organizations assists the President in overseeing the preparation of the federal budget and supervises its administration in Executive Branch agencies?

A. NSA/CSS
B. OMB
C. DCAA
D. NIST

Correct Answer: B

QUESTION 112
Which of the following describes a residual risk as the risk remaining after a risk mitigation has occurred?

A. SSAA
B. ISSO
C. DAA
D. DIACAP

Correct Answer:
Explanation/Reference: Answer: Pending

QUESTION 113
Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive function standard, and break the higher-level functions into lower-level functions. Which of the following processes will Della use to accomplish the task?

A. Risk analysis
B. Functional allocation
C. Functional analysis
D. Functional baseline

Correct Answer: C

QUESTION 114
Which of the CNSS policies describes the national policy on certification and accreditation of national security telecommunications and information systems?

A. NSTISSP No. 7
B. NSTISSP No. 11
C. NSTISSP No. 6
D. NSTISSP No. 101

Correct Answer: C

QUESTION 115
Which of the following cooperative programs carried out by NIST speeds up the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector?

A. Baldrige National Quality Program
B. Advanced Technology Program
C. Manufacturing Extension Partnership
D. NIST Laboratories

Correct Answer: B

QUESTION 116
The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series? Each correct answer represents a complete solution. Choose all that apply.

A. Providing IA Certification and Accreditation
B. Providing command and control and situational awareness
C. Defending systems
D. Protecting information

Correct Answer: DCB

QUESTION 117
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code?

A. Type I cryptography
B. Type II cryptography
C. Type III (E) cryptography
D. Type III cryptography

Correct Answer: B

QUESTION 118
Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

A. It performs vulnerability/threat analysis assessment.
B. It provides for entry and storage of individual system data.
C. It provides data needed to accurately assess IA readiness.
D. It identifies and generates IA requirements.

Correct Answer: ACD

QUESTION 119
The functional analysis process is used for translating system requirements into detailed function criteria. Which of the following are the elements of the functional analysis process? Each correct answer represents a complete solution. Choose all that apply.

A. Model possible overall system behaviors that are needed to achieve the system requirements.
B. Develop concepts and alternatives that are not technology or component bound.
C. Decompose functional requirements into discrete tasks or activities; the focus is still on technology, not functions or components.
D. Use a top-down with some bottom-up approach verification.

Correct Answer: BAD

QUESTION 120
Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those tempted to commit crimes by unauthorized access to computers?

A. Computer Fraud and Abuse Act
B. Government Information Security Reform Act (GISRA)
C. Computer Security Act
D. Federal Information Security Management Act (FISMA)

Correct Answer: A

QUESTION 121
In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47 do the participating organizations perform the following tasks: perform preliminary activities; examine all relevant technical, security and administrative issues; form an agreement governing the management, operation, and use of the interconnection?

A. Establishing the interconnection
B. Disconnecting the interconnection
C. Planning the interconnection
D. Maintaining the interconnection

Correct Answer: C

QUESTION 122
Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

A. Phase 4
B. Phase 2
C. Phase 1
D. Phase 3

Correct Answer: D

QUESTION 123
Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users?

A. Information Assurance (IA)
B. Information Systems Security Engineering (ISSE)
C. Information Protection Policy (IPP)
D. Information systems security (InfoSec)

Correct Answer: D

QUESTION 124
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months, but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

A. Earned value management
B. Risk audit
C. Corrective action
D. Technical performance measurement

Correct Answer: C

QUESTION 125
Which of the following CNSS policies describes the national policy on use of cryptomaterial by activities operating in high risk environments?

A. CNSSP No. 14
B. NCSC No. 5
C. NSTISSP No. 6
D. NSTISSP No. 7

Correct Answer: B

QUESTION 126
Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints?

A. Section 3.1.5
B. Section 3.1.8
C. Section 3.1.9
D. Section 3.1.7

Correct Answer: B

QUESTION 127
Which of the following certification levels requires the completion of the minimum security checklist and more in-depth, independent analysis?

A. CL 3
B. CL 4
C. CL 2
D. CL 1

Correct Answer: A

QUESTION 128
Which of the following individuals reviews and approves project deliverables from a QA perspective?

A. Information systems security engineer
B. System owner
C. Quality assurance manager
D. Project manager

Correct Answer: C

QUESTION 129
Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures, and of the decision criteria used to evaluate security for information systems investments?

A. OMB M-00-13
B. OMB M-99-18
C. OMB M-00-07
D. OMB M-03-19

Correct Answer: C

QUESTION 130
Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

A. NIST SP 800-53A
B. NIST SP 800-37
C. NIST SP 800-53
D. NIST SP 800-26
E. NIST SP 800-59
F. NIST SP 800-60

Correct Answer: D

QUESTION 131
Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards? Each correct answer represents a complete solution. Choose all that apply.

A. CA Certification, Accreditation, and Security Assessments
B. Information systems acquisition, development, and maintenance
C. IR Incident Response
D. SA System and Services Acquisition

Correct Answer: DCA

QUESTION 132
What does the acronym RTM stand for?

A. Resource tracking method
B. Requirements Testing Matrix
C. Requirements Traceability Matrix
D. Resource timing method

Correct Answer: C

QUESTION 133
Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

A. Chief Information Officer
B. Chief Information Security Officer
C. Chief Risk Officer
D. Information System Owner

Correct Answer: D

QUESTION 134
Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product?

A. Information Assurance (IA)
B. Statistical process control (SPC)
C. Information Protection Policy (IPP)
D. Information management model (IMM)

Correct Answer: B

QUESTION 135
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

A. DoD 8910.1
B. DoD 7950.1-M
C. DoD 5200.22-M
D. DoD 5200.1-R
E. DoDD 8000.1

Correct Answer: B

QUESTION 136
Phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.

A. Agree on a strategy to mitigate risks.
B. Evaluate mitigation progress and plan next assessment.
C. Identify threats, vulnerabilities, and controls that will be evaluated.
D. Document and implement a mitigation plan.

Correct Answer: ADB

QUESTION 137
Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used?

A. System firmware
B. System interface
C. System software
D. System hardware

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 138
Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of the NIST SP 800-37 C&A methodology defines the above task?

A. Security Certification
B. Security Accreditation
C. Initiation
D. Continuous Monitoring

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 139
Which of the following types of CNSS issuances establishes or describes policy and programs, provides authority, or assigns responsibilities?

A. Instructions
B. Directives
C. Policies
D. Advisory memoranda

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 140
Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?

A. User Representative
B. Program Manager
C. Certifier
D. DAA

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 141
Which of the following rated systems of the Orange Book has mandatory protection of the TCB?

A. C-rated
B. B-rated
C. D-rated
D. A-rated

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 142
Which of the following categories of system specification describes the technical requirements that cover a service which is performed on a component of the system?

A. Product specification
B. Process specification
C. Material specification
D. Development specification

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 143
Which of the following DITSCAP/NIACAP model phases is used to show the required evidence to support the DAA in the accreditation process and concludes in an Approval To Operate (ATO)?

A. Verification
B. Validation
C. Post accreditation
D. Definition

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 144
Which of the following is a 1996 United States federal law designed to improve the way the federal government acquires, uses, and disposes of information technology?

A. Lanham Act
B. Clinger-Cohen Act
C. Computer Misuse Act
D. Paperwork Reduction Act

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 145
An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official? Each correct answer represents a complete solution. Choose all that apply.

A. Ascertaining the security posture of the organization's information system
B. Reviewing security status reports and critical security documents
C. Determining the requirement of reauthorization and reauthorizing information systems when required
D. Establishing and implementing the organization's continuous monitoring program

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 146
Which of the following areas of an information system, as separated by the Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy?

A. Networks and Infrastructures
B. Supporting Infrastructures
C. Enclave Boundaries
D. Local Computing Environments

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 147
Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?

A. User representative
B. DAA
C. Certification Agent
D. IS program manager

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 148
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

A. High
B. Medium
C. Low
D. Moderate

Correct Answer: CBA
Section: (none)
Explanation

Explanation/Reference:

QUESTION 149
Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information?

A. National Institute of Standards and Technology (NIST)
B. National Security Agency/Central Security Service (NSA/CSS)
C. Committee on National Security Systems (CNSS)
D. United States Congress

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 150
Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address?

A. Circuit-level gateway
B. Application gateway
C. Proxy server
D. Packet Filtering

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 151
Which of the following are the subtasks of the Define Life-Cycle Process Concepts task? Each correct answer represents a complete solution. Choose all that apply.

A. Training
B. Personnel
C. Control
D. Manpower

Correct Answer: DBA
Section: (none)
Explanation

Explanation/Reference:

QUESTION 152
You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task?

A. Information Assurance (IA)
B. Risk Management
C. Risk Analysis
D. Information Systems Security Engineering (ISSE)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 153
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

A. Corrective controls
B. Safeguards
C. Detective controls
D. Preventive controls

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 154
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?

A. MAC I
B. MAC II
C. MAC III
D. MAC IV

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 155
There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

A. Acceptance
B. Enhance
C. Share
D. Exploit

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 156
You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documents will you use to achieve the above task?

A. IMM
B. CONOPS
C. IPP
D. System Security Context

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 157
Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct support to joint warfighters, National level leaders, and other mission and coalition partners across the full spectrum of operations?

A. DARPA
B. DTIC
C. DISA
D. DIAP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 158
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

A. Regulatory
B. Advisory
C. Systematic
D. Informative

Correct Answer: ABD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 159
Which of the following acts recognizes the importance of information security to the economic and national security interests of the United States?

A. Lanham Act
B. FISMA
C. Computer Fraud and Abuse Act
D. Computer Misuse Act

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 160
Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?

A. NSTISSP No. 11
B. NSTISSP No. 101
C. NSTISSP No. 7
D. NSTISSP No. 6

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 161
Which of the following terms describes the measures that protect and support information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

A. Information Systems Security Engineering (ISSE)
B. Information Protection Policy (IPP)
C. Information systems security (InfoSec)
D. Information Assurance (IA)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 162
Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

A. Parkerian Hexad
B. Five Pillars model
C. Capability Maturity Model (CMM)
D. Classic information security model

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 163
You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you to perform the above task?

A. PERT Chart
B. Gantt Chart
C. Functional Flow Block Diagram
D. Information Management Model (IMM)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 164
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.

A. Type accreditation
B. Site accreditation
C. System accreditation
D. Secure accreditation

Correct Answer: BAC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 165
FIPS 199 defines three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of a loss of confidentiality, integrity, or availability at the high level of potential impact?

A. The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent.
B. The loss of confidentiality, integrity, or availability might result in major financial losses.
C. The loss of confidentiality, integrity, or availability might result in major damage to organizational assets.
D. The loss of confidentiality, integrity, or availability might result in severe damage such as life-threatening injuries or loss of life.

Correct Answer: ABCD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 166
Which of the following individuals are part of senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.

A. Chief Information Officer
B. AO Designated Representative
C. Senior Information Security Officer
D. User Representative
E. Authorizing Official

Correct Answer: EBAC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 167
Which of the following laws was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

A. Computer Fraud and Abuse Act
B. Computer Security Act
C. Gramm-Leach-Bliley Act
D. Digital Millennium Copyright Act

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 168
Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare?

A. DoD 8500.2 Information Assurance Implementation
B. DoD 8510.1-M DITSCAP
C. DoDI 5200.40
D. DoD 8500.1 Information Assurance (IA)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 169
Which of the following are functional analysis and allocation tools? Each correct answer represents a complete solution. Choose all that apply.

A. Functional flow block diagram (FFBD)
B. Activity diagram
C. Timeline analysis diagram
D. Functional hierarchy diagram

Correct Answer: DAC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 170
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or tool accepted as a Federal Information Processing Standard?

A. Type III (E) cryptography
B. Type III cryptography
C. Type I cryptography
D. Type II cryptography

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 171
Which of the following are the benefits of SE as stated by MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.

A. It develops work breakdown structures and statements of work.
B. It establishes and maintains configuration management of the system.
C. It develops needed user training equipment, procedures, and data.
D. It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.

Correct Answer: CBA
Section: (none)
Explanation

Explanation/Reference:

QUESTION 172
Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space?

A. Internet Protocol Security (IPSec)
B. Common data security architecture (CDSA)
C. File encryptors
D. Application program interface (API)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 173
Which of the following protocols is used to establish a secure terminal session to a remote network device?

A. WEP
B. SMTP
C. SSH
D. IPSec

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 174
Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system?

A. System firmware
B. System software
C. System interface
D. System hardware

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 175
Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

A. Federal Information Processing Standard (FIPS)
B. Special Publication (SP)
C. NISTIRs (Internal Reports)
D. DIACAP by the United States Department of Defense (DoD)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 176
Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?

A. Security Control Assessment Task 4
B. Security Control Assessment Task 3
C. Security Control Assessment Task 1
D. Security Control Assessment Task 2

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 177
Which of the following types of CNSS issuances establishes criteria and assigns responsibilities?

A. Advisory memoranda
B. Directives
C. Instructions
D. Policies

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 178
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or tool accepted by the National Security Agency for protecting classified information?

A. Type III cryptography
B. Type III (E) cryptography
C. Type II cryptography
D. Type I cryptography

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 179
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

A. Risk identification
B. Building risk-free systems
C. Assuring the integrity of organizational data
D. Risk control

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 180
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

A. Quantitative risk analysis
B. Risk audits
C. Requested changes
D. Qualitative risk analysis

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 181
Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring process? Each correct answer represents a complete solution. Choose all that apply.

A. Status reporting and documentation
B. Security control monitoring and impact analyses of changes to the information system
C. Configuration management and control
D. Security accreditation documentation
E. Security accreditation decision

Correct Answer: CBA
Section: (none)
Explanation

Explanation/Reference:

QUESTION 182
Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?

A. DTIC
B. NSA IAD
C. DIAP
D. DARPA

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 183
Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.

Correct Answer: System Analysis
Section: (none)
Explanation

Explanation/Reference:

QUESTION 184
Fill in the blank with an appropriate phrase. __________ seeks to improve the quality of process outputs by identifying and removing the causes of defects and variability in manufacturing and business processes.

Correct Answer: Six Sigma
Section: (none)
Explanation

Explanation/Reference:

QUESTION 185
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.

Correct Answer: residual risk
Section: (none)
Explanation

Explanation/Reference:

QUESTION 186
Fill in the blank with an appropriate word. _______ has the goal to securely interconnect people and systems independent of time or location.

Correct Answer: Netcentric
Section: (none)
Explanation

Explanation/Reference:

QUESTION 187
Fill in the blank with the appropriate phrase. __________ provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).

Correct Answer: DoDI 5200.40
Section: (none)
Explanation

Explanation/Reference:

QUESTION 188
Fill in the blank with an appropriate phrase. A ____________________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requirement, or procedure.

Correct Answer: technical effort
Section: (none)
Explanation

Explanation/Reference:

QUESTION 189
Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

A. Office of Management and Budget (OMB)
B. NIST
C. FISMA
D. FIPS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 190
John works as a security engineer for BlueWell Inc. He wants to identify the different functions that the system will need to perform to meet the documented mission/business needs. Which of the following processes will John use to achieve the task?

A. Modes of operation
B. Performance requirement
C. Functional requirement
D. Technical performance measures

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 191
Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system?

A. Data security requirement
B. Network connection rule
C. Applicable instruction or directive
D. Security concept of operation

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 192
Which of the following security controls will you use in the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

A. Risk Adjustments
B. Security Certification and Accreditation (C&A)
C. Vulnerability Assessment and Penetration Testing
D. Change and Configuration Control

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 193
Fill in the blank with an appropriate phrase. A ________ is an approved build of the product, and can be a single component or a combination of components.

Correct Answer: development baseline
Section: (none)
Explanation

Explanation/Reference:

QUESTION 194
Fill in the blank with an appropriate phrase. The ____________ helps the customer understand and document the information management needs that support the business or mission.

Correct Answer: systems engineer
Section: (none)
Explanation

Explanation/Reference:

QUESTION 195
Fill in the blank with an appropriate phrase. _________________ is used to verify and accredit systems by providing a standard process, set of activities, general tasks, and management structure.

Correct Answer: DITSCAP/NIACAP
Section: (none)
Explanation

Explanation/Reference:

QUESTION 196
Fill in the blank with an appropriate phrase. The ______________ process is used for allocating performance and design requirements to each function.

Correct Answer: functional allocation
Section: (none)
Explanation

Explanation/Reference:

QUESTION 197
Fill in the blank with an appropriate phrase. The ______________ is the process of translating system requirements into detailed function criteria.

Correct Answer: functional analysis
Section: (none)
Explanation

Explanation/Reference:

QUESTION 198
Which of the following is a type of security management for computers and networks used to identify security breaches?

A. IPS
B. IDS
C. ASA
D. EAP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 199
Which of the following types of firewalls increases the security of data packets by remembering the state of the connection at the network and session layers as they pass through the filter?

A. Stateless packet filter firewall
B. PIX firewall
C. Stateful packet filter firewall
D. Virtual firewall

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference: verified answer.

QUESTION 200
Which of the following federal laws is designed to protect computer data from theft?

A. Federal Information Security Management Act (FISMA)
B. Computer Fraud and Abuse Act (CFAA)
C. Government Information Security Reform Act (GISRA)
D. Computer Security Act

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference: efficient answer.

QUESTION 201
Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?

A. ATM
B. RTM
C. CRO
D. DAA

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 202
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

A. Configuration Item Costing
B. Configuration Identification
C. Configuration Verification and Auditing
D. Configuration Status Accounting

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference: updated.

QUESTION 203
Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

A. Authorizing Official
B. Information system owner
C. Chief Information Officer (CIO)
D. Chief Risk Officer (CRO)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference: definite.

QUESTION 204
Which of the following Registration Tasks sets up the system architecture description and describes the C&A boundary?

A. Registration Task 3
B. Registration Task 4
C. Registration Task 2
D. Registration Task 1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 205
Stella works as a system engineer for BlueWell Inc. She wants to identify the performance thresholds of each build. Which of the following tests will help Stella to achieve her task?

A. Regression test
B. Reliability test
C. Functional test
D. Performance test

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 206
Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers?

A. Manufacturing Extension Partnership
B. Baldrige National Quality Program
C. Advanced Technology Program
D. NIST Laboratories

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 207
Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of what risk response?

A. Enhancing
B. Positive
C. Opportunistic
D. Exploiting

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference: OKay.

QUESTION 208
Which of the following processes provides guidance to the system designers and forms the basis of major events in the acquisition phases, such as testing the products for system integration?

A. Operational scenarios
B. Functional requirements
C. Human factors
D. Performance requirements

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference: rightful.

QUESTION 209
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

A. Information Assurance Manager
B. Designated Approving Authority
C. Certification agent
D. IS program manager
E. User representative

Correct Answer: DBCE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 210
Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements?

A. Classic information security model
B. Five Pillars model
C. Communications Management Plan
D. Parkerian Hexad

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 211
Which of the following NIST documents states that minimizing negative impact on an organization and the need for a sound basis in decision making are the fundamental reasons organizations implement a risk management process for their IT systems?

A. NIST SP 800-37
B. NIST SP 800-30
C. NIST SP 800-53
D. NIST SP 800-60

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 212
Which of the following roles is also known as the accreditor?

A. Data owner
B. Chief Information Officer
C. Chief Risk Officer
D. Designated Approving Authority

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference: genuine answer.

QUESTION 213
In which of the following DIACAP phases is residual risk analyzed?

A. Phase 2
B. Phase 3
C. Phase 5
D. Phase 1
E. Phase 4

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference: updated.