Which of the following professionals is responsible for starting the Certification and Accreditation (C&A) process?
A. Authorizing Official
B. Information system owner
C. Chief Information Officer (CIO)
D. Chief Risk Officer (CRO)
Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?
A. System Security Context
B. Information Protection Policy (IPP)
C. CONOPS
D. IMM
You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system?
A. Post Accreditation
B. Definition
C. Verification
D. Validation
Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels?
A. DoD 8500.1 Information Assurance (IA)
B. DoD 8500.2 Information Assurance Implementation
C. DoDI 5200.40
D. DoD 8510.1-M DITSCAP
Which of the following tasks describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully?
A. Identify Roles and Responsibilities
B. Develop Project Schedule
C. Identify Resources and Availability
D. Estimate project scope
Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?
A. Initiation
B. Security Certification
C. Continuous Monitoring
D. Security Accreditation
Which of the following cooperative programs carried out by NIST speeds up the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector?
A. Baldrige National Quality Program
B. Advanced Technology Program
C. Manufacturing Extension Partnership
D. NIST Laboratories
In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the participating organizations perform the following tasks: perform preliminary activities; examine all relevant technical, security and administrative issues; form an agreement governing the management, operation, and use of the interconnection?
A. Establishing the interconnection
B. Disconnecting the interconnection
C. Planning the interconnection
D. Maintaining the interconnection
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?
A. Earned value management
B. Risk audit
C. Corrective action
D. Technical performance measurement
Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.