You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition process?
A. Configuration management plan
B. Transition plan
C. Systems engineering management plan (SEMP)
D. Acquisition plan
Which of the following certification levels requires the completion of the minimum security checklist, and the system user or an independent certifier can complete the checklist?
A. CL 2
B. CL 3
C. CL 1
D. CL 4
Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?
A. IATO
B. DATO
C. ATO
D. IATT
Which of the following acts assigns the Chief Information Officers (CIO) with the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)?
A. Paperwork Reduction Act
B. Computer Misuse Act
C. Lanham Act
D. Clinger-Cohen Act
Which of the following DITSCAP/NIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase?
A. Verification
B. Validation
C. Post accreditation
D. Definition
Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.
A. PGP
B. S/MIME
C. TLS
D. IPSec
Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?
A. User Representative
B. Program Manager
C. Certifier
D. DAA
Which of the following categories of system specification describes the technical requirements that cover a service, which is performed on a component of the system?
A. Product specification
B. Process specification
C. Material specification
D. Development specification
Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address?
A. Circuit-level gateway
B. Application gateway
C. Proxy server
D. Packet Filtering
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
A. Corrective controls
B. Safeguards
C. Detective controls
D. Preventive controls
Under which of the following CNSS policies is NIACAP mandatory for all the systems that process USG classified information?
A. NSTISSP No. 11
B. NSTISSP No. 101
C. NSTISSP No. 7
D. NSTISSP No. 6
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.
A. Type accreditation
B. Site accreditation
C. System accreditation
D. Secure accreditation
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
A. Quantitative risk analysis
B. Risk audits
C. Requested changes
D. Qualitative risk analysis
Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring process? Each correct answer represents a complete solution. Choose all that apply.
A. Status reporting and documentation
B. Security control monitoring and impact analyses of changes to the information system
C. Configuration management and control
D. Security accreditation documentation
E. Security accreditation decision
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.