CISSP-ISSEP Information Systems Security Engineering Exam Set 5

Which of the following email lists is written for technical audiences and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk?


Options are :

  • D. Technical Cyber Security Alert
  • B. Cyber Security Alert
  • C. Cyber Security Bulletin
  • A. Cyber Security Tip

Answer : C. Cyber Security Bulletin


What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.

A. Integrates security considerations into application and system purchasing decisions and development projects.

B. Ensures that the necessary security controls are in place.

C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.

D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.



Options are :

  • C,A,B
  • A,C,D
  • B,A,D

Answer : A,C,D

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.

B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.


Options are :

  • D,A
  • C,A
  • B,C

Answer : B,C

Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?


Options are :

  • B. RTM
  • A. ATM
  • C. CRO
  • D. DAA

Answer : B. RTM


FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?


Options are :

  • C. Level 1
  • A. Level 4
  • D. Level 2
  • B. Level 5
  • E. Level 3

Answer : A. Level 4

Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that consists of, or is exclusively composed of, contractors?


Options are :

  • B. Senior Analyst
  • C. System Owner
  • A. Quality Assurance Manager
  • D. Federal program manager

Answer : D. Federal program manager

Which of the following elements are described by the functional requirements task? Each correct answer represents a complete solution. Choose all that apply.

A. Coverage

B. Accuracy

C. Quality

D. Quantity


Options are :

  • B,A,D
  • A,C,D
  • C,A,B

Answer : A,C,D


What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

A. Develop DIACAP strategy.

B. Initiate IA implementation plan.

C. Conduct validation activity.

D. Assemble DIACAP team.

E. Register system with DoD Component IA Program.

F. Assign IA controls.


Options are :

  • C,B,D,E,F
  • C,B,D,E,A
  • A,B,D,E,F

Answer : A,B,D,E,F

Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business-related information available today?


Options are :

  • C. DTIC
  • B. DIAP
  • D. DARPA
  • A. DISA

Answer : C. DTIC

Which of the following documents is described in the statement below? It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.


Options are :

  • A. Risk management plan
  • B. Project charter
  • C. Quality management plan
  • D. Risk register

Answer : D. Risk register


Which of the following tasks obtains the customer agreement in planning the technical effort?


Options are :

  • D. Task 10
  • B. Task 11
  • C. Task 8
  • A. Task 9

Answer : B. Task 11

Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?


Options are :

  • C. Common Control Provider
  • B. Authorizing Official
  • A. Chief Information Officer
  • D. Senior Agency Information Security Officer

Answer : C. Common Control Provider

In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls?


Options are :

  • C. Disconnecting the interconnection
  • D. Maintaining the interconnection
  • B. Planning the interconnection
  • A. Establishing the interconnection

Answer : A. Establishing the interconnection


According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

A. DC Security Design & Configuration

B. EC Enclave and Computing Environment

C. VI Vulnerability and Incident Management

D. Information systems acquisition, development, and maintenance


Options are :

  • A,B,C
  • D,B,C
  • C,B,C

Answer : A,B,C

Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.

A. NIST Special Publication 800-59

B. NIST Special Publication 800-60

C. NIST Special Publication 800-37A

D. NIST Special Publication 800-37

E. NIST Special Publication 800-53

F. NIST Special Publication 800-53A



Options are :

  • C,B,D,E,A
  • C,B,D,E,F
  • A,B,D,E,F

Answer : A,B,D,E,F

Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?


Options are :

  • C. Security Control Assessment Task 1
  • A. Security Control Assessment Task 4
  • D. Security Control Assessment Task 2
  • B. Security Control Assessment Task 3

Answer : C. Security Control Assessment Task 1


Which of the following elements of Registration task 4 defines the system's external interfaces, the purpose of each external interface, and the relationship between the interface and the system?


Options are :

  • B. System software
  • A. System firmware
  • C. System interface
  • D. System hardware

Answer : C. System interface

Which of the following protocols is built into the Web server and browser to encrypt data traveling over the Internet?


Options are :

  • B. SSL
  • A. UDP
  • C. IPSec
  • D. HTTP

Answer : B. SSL

Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented?


Options are :

  • D. Configuration identification
  • C. Configuration status accounting
  • A. Configuration verification and audit
  • B. Configuration control

Answer : D. Configuration identification


Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?


Options are :

  • C. Information systems security engineering (ISSE)
  • B. Risk Management
  • D. Information Assurance (IA)
  • A. Certification and accreditation (C&A)

Answer : A. Certification and accreditation (C&A)

Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?


Options are :

  • C. CONOPS
  • A. System Security Context
  • B. Information Protection Policy (IPP)
  • D. IMM

Answer : B. Information Protection Policy (IPP)

Diane is the project manager of the HGF Project. A risk that was identified and analyzed in the project planning processes is now coming to fruition. Which individual should respond to the risk with the preplanned risk response?


Options are :

  • C. Diane
  • A. Project sponsor
  • B. Risk owner
  • D. Subject matter expert

Answer : B. Risk owner


Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space?


Options are :

  • A. Internet Protocol Security (IPSec)
  • B. Common data security architecture (CDSA)
  • D. Application program interface (API)
  • C. File encryptors

Answer : B. Common data security architecture (CDSA)

Which of the following types of firewalls increases the security of data packets by remembering the state of the connection at the network and session layers as packets pass through the filter?


Options are :

  • B. PIX firewall
  • A. Stateless packet filter firewall
  • None of the Above
  • D. Virtual firewall
  • C. Stateful packet filter firewall

Answer : C. Stateful packet filter firewall

Which of the following is a type of security management for computers and networks used to identify security breaches?


Options are :

  • C. ASA
  • D. EAP
  • A. IPS
  • B. IDS

Answer : B. IDS


DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability?


Options are :

  • B. MAC II
  • A. MAC I
  • C. MAC IV
  • D. MAC III

Answer : D. MAC III

Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer represents a complete solution. Choose all that apply.

A. It identifies the information protection problems that need to be solved.

B. It allocates security mechanisms to system security design elements.

C. It identifies custom security products.

D. It identifies candidate commercial off-the-shelf (COTS)/government off-the-shelf (GOTS) security products.


Options are :

  • C,A,D
  • B,C,D
  • A,C,D

Answer : B,C,D

Which of the following protocols is used to establish a secure terminal session to a remote network device?


Options are :

  • C. SSH
  • A. WEP
  • B. SMTP
  • D. IPSec

Answer : C. SSH


Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

A. Security operations

B. Continue to review and refine the SSAA

C. Change management

D. Compliance validation

E. System operations

F. Maintenance of the SSAA


Options are :

  • B,C,D,E,F
  • A,C,D,E,F
  • B,C,D,E,A

Answer : A,C,D,E,F

You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems?


Options are :

  • A. NIST Special Publication 800-59
  • D. NIST Special Publication 800-53
  • C. NIST Special Publication 800-60
  • B. NIST Special Publication 800-37

Answer : B. NIST Special Publication 800-37
