CISSP-ISSEP Information Systems Security Engineering Exam Set 4

Which of the following organizations assists the President in overseeing the preparation of the federal budget and supervises its administration in Executive Branch agencies?

Options are:

  • D. NIST
  • C. DCAA
  • A. NSA/CSS
  • B. OMB (Correct)

Answer: B. OMB

The functional analysis process is used to translate system requirements into detailed functional criteria. Which of the following are the elements of the functional analysis process? Each correct answer represents a complete solution. Choose all that apply.

A. Model possible overall system behaviors that are needed to achieve the system requirements.

B. Develop concepts and alternatives that are not technology or component bound.

C. Decompose functional requirements into discrete tasks or activities; the focus is still on technology, not functions or components.

D. Use a top-down with some bottom-up approach to verification.

Options are:

  • C,B,D
  • A,B,D (Correct)
  • D,B,D

Answer: A,B,D

Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

Options are:

  • A. Chief Information Officer
  • C. Chief Risk Officer
  • D. Information System Owner (Correct)
  • B. Chief Information Security Officer

Answer: D. Information System Owner

Which of the following terms describes the protection of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users?

Options are:

  • C. Information Protection Policy (IPP)
  • B. Information Systems Security Engineering (ISSE)
  • D. Information systems security (InfoSec) (Correct)
  • A. Information Assurance (IA)

Answer: D. Information systems security (InfoSec)

Which of the following sections of the SEMP template defines the project constraints, including constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints?

Options are:

  • C. Section 3.1.9
  • B. Section 3.1.8 (Correct)
  • D. Section 3.1.7
  • A. Section 3.1.5

Answer: B. Section 3.1.8

Which of the following are ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

A. PGP

B. S/MIME

C. TLS

D. IPsec

Options are:

  • C,A
  • A,C
  • A,B (Correct)

Answer: A,B

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

Options are:

  • B. DoD 7950.1-M (Correct)
  • A. DoD 8910.1
  • D. DoD 5200.1-R
  • C. DoD 5200.22-M
  • E. DoDD 8000.1

Answer: B. DoD 7950.1-M

Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of the NIST SP 800-37 C&A methodology defines the above task?

Options are:

  • D. Continuous Monitoring (Correct)
  • C. Initiation
  • A. Security Certification
  • B. Security Accreditation

Answer: D. Continuous Monitoring

Which of the following CNSS policies describes the national policy on the use of cryptomaterial by activities operating in high-risk environments?

Options are:

  • B. NCSC No. 5 (Correct)
  • C. NSTISSP No. 6
  • D. NSTISSP No. 7
  • A. CNSSP No. 14

Answer: B. NCSC No. 5

Which of the following are phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

A. Auditing

B. Initiation

C. Continuous Monitoring

D. Detection

Options are:

  • D,A
  • C,A
  • B,C (Correct)

Answer: B,C

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are U.S. Federal Government information security control families? Each correct answer represents a complete solution. Choose all that apply.

A. CA Certification, Accreditation, and Security Assessments

B. Information systems acquisition, development, and maintenance

C. IR Incident Response

D. SA System and Services Acquisition

Options are:

  • B,C,D
  • D,C,A
  • A,C,D (Correct)

Answer: A,C,D

Which of the following CNSS policies describes the national policy on certification and accreditation of national security telecommunications and information systems?

Options are:

  • D. NSTISSP No. 101
  • A. NSTISSP No. 7
  • C. NSTISSP No. 6 (Correct)
  • B. NSTISSP No. 11

Answer: C. NSTISSP No. 6

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or tool accepted by the National Security Agency for protecting sensitive, unclassified information in systems, as stated in Section 2315 of Title 10, United States Code?

Options are:

  • A. Type I cryptography
  • C. Type III (E) cryptography
  • B. Type II cryptography (Correct)
  • D. Type III cryptography

Answer: B. Type II cryptography

Which of the following characteristics describe the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

A. It performs vulnerability/threat analysis assessment.

B. It provides for entry and storage of individual system data.

C. It provides data needed to accurately assess IA readiness.

D. It identifies and generates IA requirements.

Options are:

  • A,C,D (Correct)
  • B,A,D
  • C,A,D

Answer: A,C,D

Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system?

Options are:

  • C. Development specification
  • B. Product specification
  • D. System specification (Correct)
  • A. Process specification

Answer: D. System specification

Phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.

A. Agree on a strategy to mitigate risks.

B. Evaluate mitigation progress and plan the next assessment.

C. Identify threats, vulnerabilities, and controls that will be evaluated.

D. Document and implement a mitigation plan.

Options are:

  • C,B,D
  • B,C,D
  • A,B,D (Correct)

Answer: A,B,D

Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product?

Options are:

  • B. Statistical process control (SPC) (Correct)
  • A. Information Assurance (IA)
  • C. Information Protection Policy (IPP)
  • D. Information management model (IMM)

Answer: B. Statistical process control (SPC)

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

Options are:

  • F. NIST SP 800-60
  • C. NIST SP 800-53
  • E. NIST SP 800-59
  • B. NIST SP 800-37
  • A. NIST SP 800-53A
  • D. NIST SP 800-26 (Correct)

Answer: D. NIST SP 800-26

Which of the following terms describes the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?

Options are:

  • A. Trusted computing base (TCB) (Correct)
  • B. Common data security architecture (CDSA)
  • D. Application program interface (API)
  • C. Internet Protocol Security (IPSec)

Answer: A. Trusted computing base (TCB)

Which of the following describes residual risk as the risk remaining after risk mitigation has occurred?

Options are:

  • D. DIACAP (Correct)
  • C. DAA
  • A. SSAA
  • B. ISSO

Answer: D. DIACAP

The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series? Each correct answer represents a complete solution. Choose all that apply.

A. Providing IA Certification and Accreditation

B. Providing command and control and situational awareness

C. Defending systems

D. Protecting information

Options are:

  • B,C,D (Correct)
  • A,B,D
  • C,A,D

Answer: B,C,D

In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the participating organizations perform the following tasks: perform preliminary activities; examine all relevant technical, security, and administrative issues; and form an agreement governing the management, operation, and use of the interconnection?

Options are:

  • C. Planning the interconnection (Correct)
  • B. Disconnecting the interconnection
  • A. Establishing the interconnection
  • D. Maintaining the interconnection

Answer: C. Planning the interconnection

Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used?

Options are:

  • A. System firmware
  • C. System software (Correct)
  • B. System interface
  • D. System hardware

Answer: C. System software

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

Options are:

  • D. Phase 3 (Correct)
  • C. Phase 1
  • A. Phase 4
  • B. Phase 2

Answer: D. Phase 3

Which of the following acts was enacted to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, to those who own and operate computers, and to those tempted to commit crimes by unauthorized access to computers?

Options are:

  • D. Federal Information Security Management Act (FISMA)
  • A. Computer Fraud and Abuse Act (Correct)
  • B. Government Information Security Reform Act (GISRA)
  • C. Computer Security Act

Answer: A. Computer Fraud and Abuse Act

Which of the following CNSS policies describes the national policy on securing voice communications?

Options are:

  • A. NSTISSP No. 6
  • C. NSTISSP No. 101 (Correct)
  • D. NSTISSP No. 200
  • B. NSTISSP No. 7

Answer: C. NSTISSP No. 101

You have been tasked with finding an encryption methodology that will encrypt most types of e-mail attachments. The requirement is that your solution must use the RSA algorithm. Which of the following is your best choice?

Options are:

  • D. Blowfish
  • C. DES
  • A. PGP
  • B. S/MIME (Correct)

Answer: B. S/MIME

Which of the following tasks describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully?

Options are:

  • D. Estimate project scope (Correct)
  • A. Identify Roles and Responsibilities
  • C. Identify Resources and Availability
  • B. Develop Project Schedule

Answer: D. Estimate project scope

Which of the following is the expansion of the acronym RTM?

Options are:

  • D. Resource timing method
  • A. Resource tracking method
  • C. Requirements Traceability Matrix (Correct)
  • B. Requirements Testing Matrix

Answer: C. Requirements Traceability Matrix

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register, and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months, but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

Options are:

  • C. Corrective action (Correct)
  • A. Earned value management
  • D. Technical performance measurement
  • B. Risk audit

Answer: C. Corrective action
