CISSP-ISSEP Information Systems Security Engineering Exam Set 3

You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?


Options are :

  • A. Functional test (Correct)
  • D. Regression test
  • C. Performance test
  • B. Reliability test

Answer : A. Functional test

Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?


Options are :

  • B. Clinger-Cohen Act
  • A. Computer Misuse Act
  • D. Lanham Act
  • C. ISG (Correct)

Answer : C. ISG

Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism?


Options are :

  • D. Secure Socket Layer (SSL)
  • B. SMIME
  • A. Internet Key Exchange (IKE) Protocol
  • C. Internet Protocol Security (IPSec) (Correct)

Answer : C. Internet Protocol Security (IPSec)

Which of the following NIST Special Publication documents provides a guideline on network security testing?


Options are :

  • A. NIST SP 800-60
  • D. NIST SP 800-42 (Correct)
  • B. NIST SP 800-37
  • F. NIST SP 800-53
  • C. NIST SP 800-59
  • E. NIST SP 800-53A

Answer : D. NIST SP 800-42

Which of the following acts promote a risk-based policy for cost-effective security? Each correct answer represents a part of the solution. Choose all that apply.

A. Clinger-Cohen Act

B. Lanham Act 

C. Paperwork Reduction Act (PRA)

D. Computer Misuse Act



Options are :

  • D,C
  • A,C (Correct)
  • D,A

Answer : A,C

Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers?


Options are :

  • D. NIST Laboratories
  • A. Manufacturing Extension Partnership
  • C. Advanced Technology Program
  • B. Baldrige National Quality Program (Correct)

Answer : B. Baldrige National Quality Program

Which of the following presents studies of a technical nature of interest to a focused audience, and consists of interim or final reports on work performed by NIST for external sponsors, including government and non-government sponsors?


Options are :

  • C. NISTIRs (Internal Reports) (Correct)
  • D. DIACAP
  • B. Special Publication (SP)
  • A. Federal Information Processing Standards (FIPS)

Answer : C. NISTIRs (Internal Reports)

Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of DoD information systems and networks?


Options are :

  • B. DoDI 5200.40
  • D. DoD 8500.2 Information Assurance Implementation (Correct)
  • C. DoD 8510.1-M DITSCAP
  • A. DoD 8500.1 Information Assurance (IA)

Answer : D. DoD 8500.2 Information Assurance Implementation

Which of the following principles are defined by the IATF model? Each correct answer represents a complete solution. Choose all that apply.

A. The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.

B. The problem space is defined by the customer's mission or business needs.

C. The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.

D. Always keep the problem and solution spaces separate.



Options are :

  • A,C,D
  • B,C,D (Correct)
  • D,B,A

Answer : B,C,D

Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure?


Options are :

  • C. Baldrige National Quality Program
  • A. Manufacturing Extension Partnership
  • D. Advanced Technology Program
  • B. NIST Laboratories (Correct)

Answer : B. NIST Laboratories

Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling computer systems through the Internet?


Options are :

  • C. ACL
  • D. IPsec
  • A. DAS
  • B. IDS (Correct)

Answer : B. IDS

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Right-Up Approach

B. Left-Up Approach

C. Bottom-Up Approach

D. Top-Down Approach


Options are :

  • C,A
  • C,D (Correct)
  • A,D

Answer : C,D

Which of the following configuration management system processes keeps track of changes so that the latest acceptable configuration specifications are readily available?



Options are :

  • B. Configuration Verification and Audit
  • A. Configuration Identification
  • D. Configuration Control
  • C. Configuration Status and Accounting (Correct)

Answer : C. Configuration Status and Accounting

Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

A. Assessment of the Analysis Results

B. Certification analysis

C. Registration

D. System development

E. Configuring refinement of the SSAA



Options are :

  • A,B,D,E (Correct)
  • A,C,D,E
  • C,B,D,E

Answer : A,B,D,E

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?


Options are :

  • B. FITSAF
  • D. TCSEC
  • C. FIPS
  • A. SSAA (Correct)

Answer : A. SSAA

You work as a Network Administrator for PassGuide Inc. You need to secure the web services of your company in order to have secure transactions. Which of the following will you recommend for providing security?


Options are :

  • B. VPN
  • C. SMIME
  • D. SSL (Correct)
  • A. HTTP

Answer : D. SSL

Your company is covered under a liability insurance policy, which provides liability coverage for various information security risks, including physical damage to assets, hacking attacks, etc. Which of the following risk management techniques is your company using?


Options are :

  • A. Risk acceptance
  • B. Risk mitigation
  • D. Risk transfer (Correct)
  • C. Risk avoidance

Answer : D. Risk transfer

You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well-defined phases. In which of the following phases of the NIST SP 800-37 C&A methodology does security categorization occur?


Options are :

  • C. Security Certification
  • B. Initiation (Correct)
  • D. Security Accreditation
  • A. Continuous Monitoring

Answer : B. Initiation

Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?


Options are :

  • C. Designated Approving Authority (DAA) (Correct)
  • B. Information Systems Security Officer (ISSO)
  • A. System Owner
  • D. Chief Information Security Officer (CISO)

Answer : C. Designated Approving Authority (DAA)

Which of the following tasks prepares the technical management plan in planning the technical effort?


Options are :

  • B. Task 9 (Correct)
  • A. Task 10
  • C. Task 7
  • D. Task 8

Answer : B. Task 9

Which of the following cooperative programs carried out by NIST speeds up the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector?


Options are :

  • D. NIST Laboratories
  • C. Manufacturing Extension Partnership
  • B. Advanced Technology Program (Correct)
  • A. Baldrige National Quality Program

Answer : B. Advanced Technology Program

Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive functional standard and break the higher-level functions into lower-level functions. Which of the following processes will Della use to accomplish the task?


Options are :

  • A. Risk analysis
  • C. Functional analysis (Correct)
  • D. Functional baseline
  • B. Functional allocation

Answer : C. Functional analysis

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.

A. What is being secured

B. Who is expected to comply with the policy

C. Where is the vulnerability, threat, or risk

D. Who is expected to exploit the vulnerability



Options are :

  • D,B,C
  • A,B,C (Correct)
  • A,D,C

Answer : A,B,C

Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability and prepares the final security accreditation package?


Options are :

  • B. Security Certification
  • D. Security Accreditation (Correct)
  • C. Continuous Monitoring
  • A. Initiation

Answer : D. Security Accreditation

Which of the following memorandums directs the Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing so?


Options are :

  • D. OMB M-00-07
  • B. OMB M-00-13
  • A. OMB M-99-18 (Correct)
  • C. OMB M-03-19

Answer : A. OMB M-99-18

System Authorization is a risk management process. The System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of the System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

A. Certification

B. Authorization

C. Post-certification

D. Post-Authorization

E. Pre-certification


Options are :

  • A,C,D,E
  • A,B,D,E (Correct)
  • C,B,D,E

Answer : A,B,D,E

Which of the following DITSCAP/NIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase?



Options are :

  • A. Verification (Correct)
  • C. Post accreditation
  • B. Validation
  • D. Definition

Answer : A. Verification

Which of the following individuals reviews and approves project deliverables from a QA perspective?


Options are :

  • D. Project manager
  • A. Information systems security engineer
  • C. Quality assurance manager (Correct)
  • B. System owner

Answer : C. Quality assurance manager

Which of the following certification levels requires the completion of the minimum security checklist and a more in-depth, independent analysis?


Options are :

  • D. CL 1
  • B. CL 4
  • A. CL 3 (Correct)
  • C. CL 2

Answer : A. CL 3

Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures, and of the decision criteria that are used to evaluate security for information systems investments?


Options are :

  • B. OMB M-99-18
  • C. OMB M-00-07 (Correct)
  • D. OMB M-03-19
  • A. OMB M-00-13

Answer : C. OMB M-00-07
