CISSP-ISSEP Information Systems Security Engineering Exam Set 6

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

Options are:

  • A. Configuration Item Costing (Correct)
  • B. Configuration Identification
  • C. Configuration Verification and Auditing
  • D. Configuration Status Accounting

Answer: A. Configuration Item Costing

Which of the following statements is true about residual risk?

Options are:

  • A. It can be considered as an indicator of threats coupled with vulnerability.
  • B. It is a weakness or lack of safeguard that can be exploited by a threat.
  • C. It is the probabilistic risk after implementing all security measures. (Correct)
  • D. It is the probabilistic risk before implementing all security measures.

Answer: C. It is the probabilistic risk after implementing all security measures.

Which of the following federal laws is designed to protect computer data from theft?

Options are:

  • A. Federal Information Security Management Act (FISMA)
  • B. Computer Fraud and Abuse Act (CFAA) (Correct)
  • C. Government Information Security Reform Act (GISRA)
  • D. Computer Security Act

Answer: B. Computer Fraud and Abuse Act (CFAA)

Which of the following refers to a process that is used for implementing information security?

Options are:

  • A. Classic information security model
  • B. Certification and Accreditation (C&A) (Correct)
  • C. Information Assurance (IA)
  • D. Five Pillars model

Answer: B. Certification and Accreditation (C&A)

Which of the following tools demands involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?

Options are:

  • A. ISO 9001:2000 (Correct)
  • B. Benchmarking
  • C. SEI-CMM
  • D. Six Sigma

Answer: A. ISO 9001:2000

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

Options are:

  • A. Authorizing Official
  • B. Information system owner (Correct)
  • C. Chief Information Officer (CIO)
  • D. Chief Risk Officer (CRO)

Answer: B. Information system owner

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

Options are:

  • A. Federal Information Processing Standard (FIPS)
  • B. Special Publication (SP) (Correct)
  • C. NISTIRs (Internal Reports)
  • D. DIACAP by the United States Department of Defense (DoD)

Answer: B. Special Publication (SP)

Which of the following Registration Tasks sets up the business or operational functional description and system identification?

Options are:

  • A. Registration Task 2
  • B. Registration Task 1 (Correct)
  • C. Registration Task 3
  • D. Registration Task 4

Answer: B. Registration Task 1

Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?

Options are:

  • A. National Security Agency/Central Security Service (NSA/CSS)
  • B. National Institute of Standards and Technology (NIST)
  • C. United States Congress
  • D. Committee on National Security Systems (CNSS) (Correct)

Answer: D. Committee on National Security Systems (CNSS)

Which of the following documents is defined as a source document that is most useful to the ISSE when classifying the needed security functionality?

Options are:

  • A. Information Protection Policy (IPP) (Correct)
  • B. IMM
  • C. System Security Context
  • D. CONOPS

Answer: A. Information Protection Policy (IPP)

You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you perform this task?

Options are:

  • A. PERT Chart
  • B. Gantt Chart
  • C. Functional Flow Block Diagram
  • D. Information Management Model (IMM) (Correct)

Answer: D. Information Management Model (IMM)

Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare?

Options are:

  • A. DoD 8500.2 Information Assurance Implementation
  • B. DoD 8510.1-M DITSCAP
  • C. DoDI 5200.40
  • D. DoD 8500.1 Information Assurance (IA) (Correct)

Answer: D. DoD 8500.1 Information Assurance (IA)

Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?

Options are:

  • A. User Representative
  • B. Program Manager
  • C. Certifier
  • D. DAA (Correct)

Answer: D. DAA

Which of the following Orange Book system ratings has mandatory protection of the TCB?

Options are:

  • A. C-rated
  • B. B-rated (Correct)
  • C. D-rated
  • D. A-rated

Answer: B. B-rated

Which of the following areas of an information system, as separated by the Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy?

Options are:

  • A. Networks and Infrastructures
  • B. Supporting Infrastructures
  • C. Enclave Boundaries (Correct)
  • D. Local Computing Environments

Answer: C. Enclave Boundaries

DoD 8500.2 establishes IA controls for information systems according to Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?

Options are:

  • A. MAC I
  • B. MAC II (Correct)
  • C. MAC III
  • D. MAC IV

Answer: B. MAC II

Which of the following are the benefits of systems engineering (SE) as stated by MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.

A. It develops work breakdown structures and statements of work.

B. It establishes and maintains configuration management of the system.

C. It develops needed user training equipment, procedures, and data.

D. It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.

Options are:

  • D,B,C
  • A,B,D
  • A,B,C (Correct)

Answer: A,B,C

Which of the following terms describes the measures that protect and support information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation?

Options are:

  • A. Information Systems Security Engineering (ISSE)
  • B. Information Protection Policy (IPP)
  • C. Information systems security (InfoSec)
  • D. Information Assurance (IA) (Correct)

Answer: D. Information Assurance (IA)

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

A. Risk identification

B. Building risk-free systems

C. Assuring the integrity of organizational data

D. Risk control

Options are:

  • B,A
  • C,A
  • A,D (Correct)

Answer: A,D

Which of the following are the subtasks of the Define Life-Cycle Process Concepts task? Each correct answer represents a complete solution. Choose all that apply.

A. Training

B. Personnel

C. Control

D. Manpower

Options are:

  • A,B,D (Correct)
  • C,B,D
  • A,C,D

Answer: A,B,D

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

Options are:

  • A. Office of Management and Budget (OMB)
  • B. NIST
  • C. FISMA (Correct)
  • D. FIPS

Answer: C. FISMA

Which of the following DITSCAP/NIACAP model phases is used to show the required evidence to support the DAA in the accreditation process and concludes with an Approval to Operate (ATO)?

Options are:

  • A. Verification
  • B. Validation (Correct)
  • C. Post accreditation
  • D. Definition

Answer: B. Validation

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or tool accepted as a Federal Information Processing Standard?

Options are:

  • A. Type III (E) cryptography
  • B. Type III cryptography (Correct)
  • C. Type I cryptography
  • D. Type II cryptography

Answer: B. Type III cryptography

Which of the following individuals are part of senior management and are responsible for authorizing individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.

A. Chief Information Officer

B. AO Designated Representative

C. Senior Information Security Officer

D. User Representative

E. Authorizing Official

Options are:

  • D,B,C,E
  • A,B,C,E (Correct)
  • A,D,C,E

Answer: A,B,C,E

Which of the following are functional analysis and allocation tools? Each correct answer represents a complete solution. Choose all that apply.

A. Functional flow block diagram (FFBD)

B. Activity diagram

C. Timeline analysis diagram

D. Functional hierarchy diagram

Options are:

  • A,C,B
  • A,C,D (Correct)
  • B,C,D

Answer: A,C,D

Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct support of joint warfighters, national-level leaders, and other mission and coalition partners across the full spectrum of operations?

Options are:

  • A. DARPA
  • B. DTIC
  • C. DISA (Correct)
  • D. DIAP

Answer: C. DISA

Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system?

Options are:

  • A. Data security requirement (Correct)
  • B. Network connection rule
  • C. Applicable instruction or directive
  • D. Security concept of operation

Answer: A. Data security requirement

Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?

Options are:

  • A. NSTISSP No. 11
  • B. NSTISSP No. 101
  • C. NSTISSP No. 7
  • D. NSTISSP No. 6 (Correct)

Answer: D. NSTISSP No. 6

Which of the following types of CNSS issuances establishes or describes policy and programs, provides authority, or assigns responsibilities?

Options are:

  • A. Instructions
  • B. Directives (Correct)
  • C. Policies
  • D. Advisory memoranda

Answer: B. Directives

FIPS 199 defines three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of a loss of confidentiality, integrity, or availability at the high level of potential impact?

A. The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent.

B. The loss of confidentiality, integrity, or availability might result in major financial losses.

C. The loss of confidentiality, integrity, or availability might result in major damage to organizational assets.

D. The loss of confidentiality, integrity, or availability might result in severe damages such as life-threatening injuries or loss of life.

Options are:

  • A,C,D
  • A,B,C,D (Correct)
  • B,C,D

Answer: A,B,C,D
