Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system?
A. System firmware
B. System software
C. System interface
D. System hardware
What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.
A. Integrates security considerations into application and system purchasing decisions and development projects.
B. Ensures that the necessary security controls are in place.
C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.
Which of the following statements is true about residual risks?
A. It can be considered as an indicator of threats coupled with vulnerability.
B. It is a weakness or lack of safeguard that can be exploited by a threat.
C. It is the probabilistic risk after implementing all security measures.
D. It is the probabilistic risk before implementing all security measures.
Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer represents a complete solution. Choose all that apply.
A. It identifies the information protection problems that need to be solved.
B. It allocates security mechanisms to system security design elements.
C. It identifies custom security products.
D. It identifies candidate commercial off-the-shelf (COTS)/government off-the-shelf (GOTS) security products.
Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of what risk response?
A. Enhancing
B. Positive
C. Opportunistic
D. Exploiting
Which of the following is NOT an objective of the security program?
A. Security education
B. Information classification
C. Security organization
D. Security plan
Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards? Each correct answer represents a complete solution. Choose all that apply.
A. CA Certification, Accreditation, and Security Assessments
B. Information systems acquisition, development, and maintenance
C. IR Incident Response
D. SA System and Services Acquisition
Under which of the following CNSS policies is NIACAP mandatory for all the systems that process USG classified information?
A. NSTISSP No. 11
B. NSTISSP No. 101
C. NSTISSP No. 7
D. NSTISSP No. 6
Which of the following individuals are part of the senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.
A. Chief Information Officer
B. AO Designated Representative
C. Senior Information Security Officer
D. User Representative
E. Authorizing Official
Fill in the blank with the appropriate phrase. __________ provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).