CISSP-ISSEP Information Systems Security Engineering Exam Set 2

In which of the following DIACAP phases is residual risk analyzed?

Options are:

  • A. Phase 2
  • B. Phase 3
  • C. Phase 5
  • D. Phase 1
  • E. Phase 4 (Correct)

Answer: E. Phase 4


Which of the following processes describes elements such as quantity, quality, coverage, timeliness, and availability, and categorizes the different functions that the system will need to perform in order to meet the documented mission/business needs?

Options are:

  • A. Functional requirements (Correct)
  • B. Operational scenarios
  • C. Human factors
  • D. Performance requirements

Answer: A. Functional requirements

Which of the following federal laws are related to hacking activities? Each correct answer represents a complete solution. Choose three.

A. 18 U.S.C. 1030

B. 18 U.S.C. 1029

C. 18 U.S.C. 2510

D. 18 U.S.C. 1028

Options are:

  • None
  • A,B,C (Correct)
  • A,C,B
  • D,A,B

Answer: A,B,C

18 U.S.C. 1030 is the Computer Fraud and Abuse Act, 18 U.S.C. 1029 covers fraud involving access devices, and 18 U.S.C. 2510 et seq. is the Wiretap Act; 18 U.S.C. 1028 addresses fraud in connection with identification documents, which is why it is excluded.

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that maintain the information assurance and security posture of a system or site?

Options are:

  • A. ASSET
  • B. NSA-IAM
  • C. NIACAP (Correct)
  • D. DITSCAP

Answer: C. NIACAP


Your project has several risks that could cause serious financial impact should they occur. You have studied the risk events and drafted potential risk responses for them, but management wants you to do more. They would like you to create a chart that identifies the probability and impact of each risk event, with a financial amount attached to each. What is the likely outcome of creating this type of chart?

Options are:

  • A. Risk response plan
  • B. Quantitative analysis
  • C. Risk response
  • D. Contingency reserve (Correct)

Answer: D. Contingency reserve
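The chart the question describes is a quantitative risk register: each risk's probability multiplied by its monetary impact gives its expected monetary value (EMV), and summing the EMVs produces the contingency reserve. The script below is an added example and is not part of the exam material; the risk register it uses is constructed sample data, and opportunities are modelled as positive impacts so they net against threats.

```python
# Added example (not from the quiz): quantitative risk analysis of a small
# project risk register. Each risk carries a probability and a monetary
# impact (negative for threats, positive for opportunities); the expected
# monetary value (EMV) of each is probability * impact, and the net of the
# EMVs is the contingency reserve the chart in the question would justify.
# SAMPLE_REGISTER is constructed sample data, not figures from the page.
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float  # 0.0 .. 1.0
    impact: float       # currency units; negative = cost (threat), positive = gain (opportunity)

    def emv(self) -> float:
        """Expected monetary value of this single risk event."""
        return self.probability * self.impact


def validate(risks) -> None:
    """Reject registers whose probabilities are not valid probabilities."""
    for r in risks:
        if not 0.0 <= r.probability <= 1.0:
            raise ValueError(f"{r.name}: probability {r.probability} outside [0, 1]")


def contingency_reserve(risks) -> float:
    """Money to set aside: expected losses net of expected gains, never negative."""
    validate(risks)
    return max(0.0, -sum(r.emv() for r in risks))


def ranked(risks):
    """Risks ordered by exposure, worst threat first (the rows of the chart)."""
    return sorted(risks, key=lambda r: r.emv())


def probability_impact_chart(risks) -> str:
    """Render the register as a plain-text probability/impact chart."""
    lines = [f"{'Risk':<30}{'P':>6}{'Impact':>12}{'EMV':>12}"]
    for r in ranked(risks):
        lines.append(f"{r.name:<30}{r.probability:>6.2f}{r.impact:>12,.0f}{r.emv():>12,.0f}")
    lines.append(f"{'Contingency reserve':<30}{'':>6}{'':>12}{contingency_reserve(risks):>12,.0f}")
    return "\n".join(lines)


# Constructed sample register (hypothetical risks and amounts).
SAMPLE_REGISTER = [
    Risk("Vendor delivers late", 0.30, -50_000),
    Risk("Key engineer leaves", 0.10, -120_000),
    Risk("Pen test finds critical flaw", 0.25, -40_000),
    Risk("Early reuse of test harness", 0.40, 15_000),
]

if __name__ == "__main__":
    print(probability_impact_chart(SAMPLE_REGISTER))
```

Running it prints the chart with the four EMVs (-15,000, -12,000, -10,000 and +6,000) and a contingency reserve of 31,000; the ranking is what makes the chart useful for prioritising responses rather than just totalling them.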

Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A support?

Options are:

  • A. Registration Task 4
  • B. Registration Task 1
  • C. Registration Task 3
  • D. Registration Task 2 (Correct)

Answer: D. Registration Task 2

NIST SP 800-53A defines three types of interview, depending on the level of assessment conducted. Which of the following NIST SP 800-53A interview types consists of informal and ad hoc interviews?

Options are:

  • A. Abbreviated (Correct)
  • B. Significant
  • C. Substantial
  • D. Comprehensive

Answer: A. Abbreviated


Which of the following NIST documents states that minimizing negative impact on an organization and the need for a sound basis for decision making are the fundamental reasons organizations implement a risk management process for their IT systems?

Options are:

  • A. NIST SP 800-37
  • B. NIST SP 800-30 (Correct)
  • C. NIST SP 800-53
  • D. NIST SP 800-60

Answer: B. NIST SP 800-30

Which of the following CNSS policies describes the national policy on controlled access protection?

Options are:

  • A. NSTISSP No. 101
  • B. NSTISSP No. 200 (Correct)
  • C. NCSC No. 5
  • D. CNSSP No. 14

Answer: B. NSTISSP No. 200

Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?

Options are:

  • A. IATO (Correct)
  • B. DATO
  • C. ATO
  • D. IATT

Answer: A. IATO


Which of the following processes provides guidance to the system designers and forms the basis of major events in the acquisition phases, such as testing the products for system integration?

Options are:

  • A. Operational scenarios (Correct)
  • B. Functional requirements
  • C. Human factors
  • D. Performance requirements

Answer: A. Operational scenarios


Which of the following policies describes the national policy on the secure electronic messaging service?

Options are:

  • A. NSTISSP No. 11
  • B. NSTISSP No. 7 (Correct)
  • C. NSTISSP No. 6
  • D. NSTISSP No. 101

Answer: B. NSTISSP No. 7

Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements?

Options are:

  • A. Classic information security model
  • B. Five Pillars model
  • C. Communications Management Plan (Correct)
  • D. Parkerian Hexad

Answer: C. Communications Management Plan

What are the subordinate tasks of the Implement and Validate Assigned IA Controls phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

A. Conduct activities related to the disposition of the system data and objects.

B. Combine validation results in the DIACAP scorecard.

C. Conduct validation activities.

D. Execute and update the IA implementation plan.

Options are:

  • A,C,D
  • B,C,D (Correct)
  • D,C,A

Answer: B,C,D


The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

A. Information Assurance Manager

B. Designated Approving Authority 

C. Certification agent

D. IS program manager

E. User representative



Options are:

  • B,A,D,E
  • A,C,D,E
  • B,C,D,E (Correct)

Answer: B,C,D,E

Your project is an agricultural project that deals with plant irrigation systems. You have discovered a byproduct of your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of which risk response?

Options are:

  • A. Enhancing
  • B. Positive
  • C. Opportunistic
  • D. Exploiting (Correct)

Answer: D. Exploiting

You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules that guide the transition process?

Options are:

  • A. Configuration management plan
  • B. Transition plan (Correct)
  • C. Systems engineering management plan (SEMP)
  • D. Acquisition plan

Answer: B. Transition plan


Which of the following Registration Tasks prepares the system architecture description and describes the C&A boundary?

Options are:

  • A. Registration Task 3
  • B. Registration Task 4 (Correct)
  • C. Registration Task 2
  • D. Registration Task 1

Answer: B. Registration Task 4

Which of the following phases of DITSCAP includes the activities that are necessary for the continued operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

Options are:

  • A. Phase 1, Definition
  • B. Phase 3, Validation
  • C. Phase 4, Post Accreditation Phase (Correct)
  • D. Phase 2, Verification

Answer: C. Phase 4, Post Accreditation Phase

Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that have a many-to-many relationship, in order to determine the completeness of that relationship?

Options are:

  • A. FIPS 200
  • B. NIST SP 800-50
  • C. Traceability matrix (Correct)
  • D. FIPS 199

Answer: C. Traceability matrix
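A traceability matrix is only useful if it is actually checked for completeness in both directions: every requirement should trace to at least one verifying artifact, and every artifact should trace back to a requirement. The script below is an added example, not material from the exam; it correlates a constructed set of security requirements with a constructed set of test cases (the SR-*/TC-* identifiers are hypothetical) and reports the gaps on each side.

```python
# Added example (not from the quiz): a requirements-to-verification
# traceability matrix. Two baseline documents (security requirements and
# test cases) have a many-to-many relationship; the matrix correlates them
# and exposes gaps in either direction: requirements with no test
# (unverified) and tests with no requirement (untraced). All identifiers
# and texts below are constructed for the example.

# Constructed baseline 1: security requirements (id -> text).
REQUIREMENTS = {
    "SR-1": "All administrative sessions shall be authenticated with MFA.",
    "SR-2": "Audit records shall be retained for 90 days.",
    "SR-3": "Data at rest shall be encrypted with AES-256.",
    "SR-4": "Failed logins shall lock the account after 5 attempts.",
}

# Constructed baseline 2: test cases (id -> text).
TEST_CASES = {
    "TC-10": "Verify MFA challenge on admin login.",
    "TC-11": "Verify audit log rotation keeps 90 days.",
    "TC-12": "Verify disk encryption cipher and key length.",
    "TC-13": "Verify account lockout threshold.",
    "TC-14": "Verify MFA bypass is rejected.",
    "TC-15": "Verify TLS configuration.",  # traces to nothing: an orphan test
}

# Constructed trace links (requirement, test). Many-to-many: SR-1 has two
# tests, and TC-13 exists but was never linked to SR-4.
LINKS = [
    ("SR-1", "TC-10"), ("SR-1", "TC-14"),
    ("SR-2", "TC-11"),
    ("SR-3", "TC-12"),
    # SR-4 intentionally has no link: an unverified requirement
]


def build_matrix(requirements, tests, links):
    """Return {req_id: {test_id: bool}} with a cell for every (req, test) pair."""
    matrix = {r: {t: False for t in tests} for r in requirements}
    for req, test in links:
        # A link to an identifier absent from either baseline is a data error,
        # not a coverage gap, so fail loudly rather than silently dropping it.
        if req not in requirements or test not in tests:
            raise ValueError(f"dangling link {req} -> {test}")
        matrix[req][test] = True
    return matrix


def unverified_requirements(matrix):
    """Requirements whose row has no 'X': nothing verifies them."""
    return sorted(r for r, row in matrix.items() if not any(row.values()))


def untraced_tests(matrix):
    """Tests whose column has no 'X': they verify no stated requirement."""
    if not matrix:
        return []
    tests = next(iter(matrix.values())).keys()
    return sorted(t for t in tests if not any(row[t] for row in matrix.values()))


def completeness(matrix):
    """Fraction of requirements covered by at least one test."""
    if not matrix:
        return 0.0
    return 1 - len(unverified_requirements(matrix)) / len(matrix)


def render(matrix):
    """Plain-text rendering of the matrix: rows are requirements, columns tests."""
    tests = list(next(iter(matrix.values())).keys())
    lines = ["Req   " + " ".join(f"{t:>6}" for t in tests)]
    for req, row in matrix.items():
        lines.append(f"{req:<6}" + " ".join(f"{'X' if row[t] else '.':>6}" for t in tests))
    return "\n".join(lines)


if __name__ == "__main__":
    m = build_matrix(REQUIREMENTS, TEST_CASES, LINKS)
    print(render(m))
    print("Unverified requirements:", unverified_requirements(m))
    print("Untraced tests:", untraced_tests(m))
    print(f"Requirement coverage: {completeness(m):.0%}")
```

With the constructed data the matrix flags SR-4 as unverified and TC-15 as untraced, and reports 75% requirement coverage; the same structure works for any pair of baselines (controls to evidence, threats to mitigations) because only the two dictionaries and the link list change.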


Which of the following responsibilities are executed by the federal program manager? Each correct answer represents a part of the solution. Choose all that apply.

A. Ensure justification of expenditures and investment in systems engineering activities.

B. Coordinate activities to obtain funding.

C. Review project deliverables.

D. Review and approve project plans.


Options are:

  • A,B,D (Correct)
  • B,C,D
  • C,B,D

Answer: A,B,D

Which of the following Security Control Assessment Tasks evaluates the operational, technical, and management security controls of the information system using the techniques and measures selected or developed?

Options are:

  • A. Security Control Assessment Task 3 (Correct)
  • B. Security Control Assessment Task 1
  • C. Security Control Assessment Task 4
  • D. Security Control Assessment Task 2

Answer: A. Security Control Assessment Task 3

Lisa is the project manager of the SQL project for her company. She has completed risk response planning with her project team and is now ready to update the risk register to reflect the risk responses. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

Options are:

  • A. The level of detail must define exactly the risk response for each identified risk.
  • B. The level of detail is set by project risk governance.
  • C. The level of detail is set by historical information.
  • D. The level of detail should correspond with the priority ranking. (Correct)

Answer: D. The level of detail should correspond with the priority ranking.


You work as a systems engineer for BlueWell Inc. You are translating system requirements into detailed functional criteria. Which of the following diagrams will help you to show all of the functional requirements and their groupings in one diagram?

Options are:

  • A. Activity diagram
  • B. Functional flow block diagram (FFBD)
  • C. Functional hierarchy diagram (Correct)
  • D. Timeline analysis diagram

Answer: C. Functional hierarchy diagram

You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed?

Options are:

  • A. Define system security architecture
  • B. Develop detailed security design
  • C. Discover information protection needs
  • D. Define system security requirements (Correct)

Answer: D. Define system security requirements

Which of the following assessment methodologies defines a six-step technical security evaluation?

Options are:

  • A. FITSAF
  • B. OCTAVE
  • C. FIPS 102 (Correct)
  • D. DITSCAP

Answer: C. FIPS 102


Which of the following memorandums reminds Federal agencies that they are required by law and policy to establish clear privacy policies for Web activities and to comply with those policies?

Options are:

  • A. OMB M-01-08
  • B. OMB M-03-19
  • C. OMB M-00-07
  • D. OMB M-00-13 (Correct)

Answer: D. OMB M-00-13

TQM recognizes that the quality of all the processes within an organization contributes to the quality of the product. Which of the following are the most important activities in Total Quality Management? Each correct answer represents a complete solution. Choose all that apply.

A. Quality renewal

B. Maintenance of quality

C. Quality costs

D. Quality improvements



Options are:

  • A,B,D (Correct)
  • D,B,A
  • A,C,D

Answer: A,B,D

Stella works as a system engineer for BlueWell Inc. She wants to identify the performance thresholds of each build. Which of the following tests will help Stella to achieve her task?

Options are:

  • A. Regression test
  • B. Reliability test
  • C. Functional test
  • D. Performance test (Correct)

Answer: D. Performance test


The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the roles of supporter and advisor, respectively. Which of the following statements are true about the ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).

B. An ISSE provides advice on the impacts of system changes.

C. An ISSE provides advice on the continuous monitoring of the information system.

D. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

E. An ISSO takes part in the development activities that are required to implement system changes.



Options are:

  • C,A,D
  • B,C,D (Correct)
  • A,B,D

Answer: B,C,D
