CISSP-ISSEP Information Systems Security Engineering Exam Set 7

Which of the following categories of system specification describes the technical requirements that cover a service which is performed on a component of the system?

Options are :

  • A. Product specification
  • B. Process specification (Correct)
  • C. Material specification
  • D. Development specification

Answer : B. Process specification

You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documents will you use to achieve the above task?

Options are :

  • C. IPP
  • D. System Security Context
  • A. IMM
  • B. CONOPS (Correct)

Answer : B. CONOPS


Which of the following is a 1996 United States federal law designed to improve the way the federal government acquires, uses, and disposes of information technology?

Options are :

  • A. Lanham Act
  • B. Clinger-Cohen Act (Correct)
  • D. Paperwork Reduction Act
  • C. Computer Misuse Act

Answer : B. Clinger-Cohen Act

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

A. High

B. Medium

C. Low

D. Moderate

Options are :

  • D,B,C
  • A,D,C
  • A,B,C (Correct)

Answer : A,B,C

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?

Options are :

  • D. Type I cryptography (Correct)
  • A. Type III cryptography
  • C. Type II cryptography
  • B. Type III (E) cryptography

Answer : D. Type I cryptography


Which of the following acts recognizes the importance of information security to the economic and national security interests of the United States?

Options are :

  • C. Computer Fraud and Abuse Act
  • A. Lanham Act
  • B. FISMA (Correct)
  • D. Computer Misuse Act

Answer : B. FISMA

John works as a security engineer for BlueWell Inc. He wants to identify the different functions that the system will need to perform to meet the documented mission/business needs. Which of the following processes will John use to achieve the task?

Options are :

  • A. Modes of operation
  • D. Technical performance measures
  • C. Functional requirement (Correct)
  • B. Performance requirement

Answer : C. Functional requirement

Which of the following security controls will you use in the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

A. Risk Adjustments

B. Security Certification and Accreditation (C&A)

C. Vulnerability Assessment and Penetration Testing

D. Change and Configuration Control

Options are :

  • A,B,D
  • D,B,C
  • A,B,C (Correct)

Answer : A,B,C


Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address?

Options are :

  • D. Packet Filtering (Correct)
  • A. Circuit-level gateway
  • B. Application gateway
  • C. Proxy server

Answer : D. Packet Filtering

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

Options are :

  • C. Detective controls
  • B. Safeguards
  • A. Corrective controls (Correct)
  • D. Preventive controls

Answer : A. Corrective controls

You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task?

Options are :

  • D. Information Systems Security Engineering (ISSE)
  • B. Risk Management
  • A. Information Assurance (IA) (Correct)
  • C. Risk Analysis

Answer : A. Information Assurance (IA)


Which of the following laws was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

Options are :

  • D. Digital Millennium Copyright Act
  • A. Computer Fraud and Abuse Act (Correct)
  • B. Computer Security Act
  • C. Gramm-Leach-Bliley Act

Answer : A. Computer Fraud and Abuse Act

Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?

Options are :

  • C. Certification Agent
  • A. User representative
  • B. DAA
  • D. IS program manager (Correct)

Answer : D. IS program manager

Which of the following types of CNSS issuances establishes criteria and assigns responsibilities?

Options are :

  • C. Instructions
  • B. Directives
  • A. Advisory memoranda
  • D. Policies (Correct)

Answer : D. Policies


An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official? Each correct answer represents a complete solution. Choose all that apply.

A. Ascertaining the security posture of the organization's information system

B. Reviewing security status reports and critical security documents

C. Determining the requirement of reauthorization and reauthorizing information systems when required

D. Establishing and implementing the organization's continuous monitoring program

Options are :

  • C,B,A
  • A,B,C (Correct)
  • A,B,D

Answer : A,B,C

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

Options are :

  • B. Enhance
  • D. Exploit
  • A. Acceptance (Correct)
  • C. Share

Answer : A. Acceptance

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.

A. Type accreditation

B. Site accreditation

C. System accreditation

D. Secure accreditation

Options are :

  • C,B,A
  • A,B,C (Correct)
  • D,B,A

Answer : A,B,C


Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information?

Options are :

  • D. United States Congress
  • A. National Institute of Standards and Technology (NIST)
  • C. Committee on National Security Systems (CNSS)
  • B. National Security Agency/Central Security Service (NSA/CSS) (Correct)

Answer : B. National Security Agency/Central Security Service (NSA/CSS)

Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

Options are :

  • A. Parkerian Hexad
  • D. Classic information security model
  • B. Five Pillars model (Correct)
  • C. Capability Maturity Model (CMM)

Answer : B. Five Pillars model

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

A. Regulatory

B. Advisory

C. Systematic

D. Informative

Options are :

  • C,B,D
  • A,B,D (Correct)
  • A,B,C

Answer : A,B,D

