CISSP-ISSEP Information Systems Security Engineering Exam Set 1

Which of the following agencies is responsible for funding the development of many technologies such as computer networking, as well as NLS?


Options are :

  • D. DIAP
  • B. DTIC
  • C. DISA
  • A. DARPA (Correct)

Answer : A. DARPA


According to which of the following DoD policies, the implementation of DITSCAP is mandatory for all the systems that process both DoD classified and unclassified information?


Options are :

  • A. DoD 8500.2
  • D. DoD 8500.1 (IAW) (Correct)
  • C. DoD 8510.1-M DITSCAP
  • B. DoDI 5200.40

Answer : D. DoD 8500.1 (IAW)

Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data? Each correct answer represents a complete solution. Choose all that apply.

A. Understandability

B. Visibility

C. Interoperability

D. Accessibility



Options are :

  • B,D (Correct)
  • C,A
  • A,D

Answer : B,D

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?


Options are :

  • C. DoD 5200.40 (Correct)
  • A. DoD 5200.22-M
  • B. DoD 8910.1
  • D. DoD 8000.1

Answer : C. DoD 5200.40


Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?


Options are :

  • B. National Security Agency (NSA)
  • D. United States Congress
  • A. National Institute of Standards and Technology (NIST) (Correct)
  • C. Committee on National Security Systems (CNSS)

Answer : A. National Institute of Standards and Technology (NIST)

Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?


Options are :

  • B. Verification, Definition, Validation, and Post Accreditation
  • D. Definition, Verification, Validation, and Post Accreditation (Correct)
  • C. Verification, Validation, Definition, and Post Accreditation
  • A. Definition, Validation, Verification, and Post Accreditation

Answer : D. Definition, Verification, Validation, and Post Accreditation

Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy?


Options are :

  • C. Policies
  • A. Advisory memoranda
  • B. Instructions (Correct)
  • D. Directives

Answer : B. Instructions


What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.

A. Basic System Review

B. Basic Security Review

C. Maximum Analysis

D. Comprehensive Analysis

E. Detailed Analysis

F. Minimum Analysis



Options are :

  • A,D,E,F
  • B,A,E,F
  • B,D,E,F (Correct)

Answer : B,D,E,F

Which of the following roles is also known as the accreditor?


Options are :

  • B. Chief Information Officer
  • A. Data owner
  • C. Chief Risk Officer
  • D. Designated Approving Authority (Correct)

Answer : D. Designated Approving Authority

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Choose all that apply.

A. Organization of information security

B. Human resources security

C. Risk assessment and treatment

D. AU audit and accountability



Options are :

  • A,B,C (Correct)
  • C,B,C
  • D,B,C

Answer : A,B,C


The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in CONOPS? Each correct answer represents a complete solution. Choose all that apply.

A. Strategies, tactics, policies, and constraints affecting the system

B. Organizations, activities, and interactions among participants and stakeholders

C. Statement of the structure of the system

D. Clear statement of responsibilities and authorities delegated

E. Statement of the goals and objectives of the system



Options are :

  • A,B,D,E (Correct)
  • C,B,D,E
  • C,B,D,A

Answer : A,B,D,E

Which of the following is NOT an objective of the security program?


Options are :

  • D. Security plan (Correct)
  • B. Information classification
  • C. Security organization
  • A. Security education

Answer : D. Security plan

Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected?


Options are :

  • B. Define system security requirements
  • A. Develop detailed security design
  • C. Discover information protection needs (Correct)
  • D. Define system security architecture

Answer : C. Discover information protection needs


Which of the following organizations is a USG initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers?


Options are :

  • A. NSA
  • C. CNSS
  • D. NIAP (Correct)
  • B. NIST

Answer : D. NIAP

Which of the following departments protects and supports DoD information, information systems, and information networks that are critical to the department and the armed forces during day-to-day operations and in times of crisis?


Options are :

  • DISA
  • DIAP (Correct)
  • DTIC
  • DARPA

Answer : DIAP

Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation?


Options are :

  • D. Computer Security Act
  • B. Government Information Security Reform Act (GISRA) (Correct)
  • C. Federal Information Security Management Act (FISMA)
  • A. Computer Fraud and Abuse Act

Answer : B. Government Information Security Reform Act (GISRA)


Which of the following are the most important tasks of the Information Management Plan (IMP)? Each correct answer represents a complete solution. Choose all that apply.

A. Define the Information Protection Policy (IPP).

B. Define the System Security Requirements.

C. Define the mission need.

D. Identify how the organization manages its information.



Options are :

  • A,B,D
  • B,C,D
  • A,C,D (Correct)

Answer : A,C,D

Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?


Options are :

  • C. Phase 4
  • D. Phase 1
  • B. Phase 2 (Correct)
  • A. Phase 3

Answer : B. Phase 2

Which of the following acts assigns the Chief Information Officer (CIO) the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)?


Options are :

  • A. Paperwork Reduction Act
  • B. Computer Misuse Act
  • D. Clinger Cohen Act (Correct)
  • C. Lanham Act

Answer : D. Clinger Cohen Act


Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels?

Options are :

  • C. DoDI 5200.40
  • A. DoD 8500.1 Information Assurance (IA)
  • B. DoD 8500.2 Information Assurance Implementation (Correct)
  • D. DoD 8510.1-M DITSCAP

Answer : B. DoD 8500.2 Information Assurance Implementation

Which of the following certification levels requires the completion of the minimum security checklist, where either the system user or an independent certifier can complete the checklist?


Options are :

  • B. CL 3
  • A. CL 2
  • D. CL 4
  • C. CL 1 (Correct)

Answer : C. CL 1

The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as change management approval processes?


Options are :

  • B. Section 3.1.9 (Correct)
  • C. Section 3.1.5
  • A. Section 3.1.8
  • D. Section 3.1.7

Answer : B. Section 3.1.9


You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system?


Options are :

  • B. Definition (Correct)
  • A. Post Accreditation
  • C. Verification
  • D. Validation

Answer : B. Definition

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior IT executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan

B. Preserving high-level communications and working group relationships in an organization

C. Establishing effective continuous monitoring program for the organization

D. Facilitating the sharing of security risk-related information among authorizing officials


Options are :

  • D,B,C
  • C,B,C
  • A,B,C (Correct)

Answer : A,B,C

You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process?


Options are :

  • B. Identify the information protection needs. (Correct)
  • C. Ensure information systems are designed and developed with functional relevance.
  • D. Instruct systems engineers on availability, integrity, and confidentiality.
  • A. Design information systems that will meet the certification and accreditation documentation.

Answer : B. Identify the information protection needs.


Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?


Options are :

  • D. FITSAF
  • A. SSAA
  • B. TCSEC (Correct)
  • C. FIPS

Answer : B. TCSEC

Which of the following cooperative programs carried out by NIST provides a nationwide network of local centers offering technical and business assistance to small manufacturers?


Options are :

  • D. Baldrige National Quality Program
  • A. NIST Laboratories
  • C. Manufacturing Extension Partnership (Correct)
  • B. Advanced Technology Program

Answer : C. Manufacturing Extension Partnership

Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?


Options are :

  • B. NSA IAD (Correct)
  • C. DIAP
  • D. DARPA
  • A. DTIC

Answer : B. NSA IAD


Risk transference refers to the transfer of risks to a third party, usually for a fee; it creates a contractual relationship under which the third party manages the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?


Options are :

  • C. Use of insurance
  • B. Performance bonds
  • A. Warranties
  • D. Life cycle costing (Correct)

Answer : D. Life cycle costing

FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels indicates limited adverse effects on organizational operations, organizational assets, or individuals?


Options are :

  • B. Medium
  • C. High
  • D. Low (Correct)
  • A. Moderate

Answer : D. Low
