getcertified4sure.com

CISSP-ISSEP Exam

ISC2 CISSP-ISSEP Dumps Questions 2021

We provide the CISSP-ISSEP questions in two formats: a downloadable PDF and practice tests. The PDF version can be read and printed, so you can print it and practice as many times as you like. With our product and material you can prepare for and pass the ISC2 CISSP-ISSEP exam.

We also provide these free CISSP-ISSEP sample questions:

NEW QUESTION 1
Which of the following is a 1996 United States federal law designed to improve the way the federal government acquires, uses, and disposes of information technology?

  • A. Lanham Act
  • B. Clinger-Cohen Act
  • C. Computer Misuse Act
  • D. Paperwork Reduction Act

Answer: B

NEW QUESTION 2
Which of the following tasks prepares the technical management plan when planning the technical effort?

  • A. Task 10
  • B. Task 9
  • C. Task 7
  • D. Task 8

Answer: B

NEW QUESTION 3
Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

  • A. Parkerian Hexad
  • B. Five Pillars model
  • C. Capability Maturity Model (CMM)
  • D. Classic information security model

Answer: B

NEW QUESTION 4
The principle of the SEMP is not to repeat information, but to ensure that processes are in place to carry out those functions. Which of the following sections of the SEMP template describes the work authorization procedures and the change management approval processes?

  • A. Section 3.1.8
  • B. Section 3.1.9
  • C. Section 3.1.5
  • D. Section 3.1.7

Answer: B

NEW QUESTION 5
Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?

  • A. NSTISSP No. 11
  • B. NSTISSP No. 101
  • C. NSTISSP No. 7
  • D. NSTISSP No. 6

Answer: D

NEW QUESTION 6
Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

  • A. Chief Information Officer
  • B. Chief Information Security Officer
  • C. Chief Risk Officer
  • D. Information System Owner

Answer: D

NEW QUESTION 7
Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements?

  • A. Classic information security model
  • B. Five Pillars model
  • C. Communications Management Plan
  • D. Parkerian Hexad

Answer: C

NEW QUESTION 8
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems before or after they are placed in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

  • A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  • C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: BC

NEW QUESTION 9
Continuous Monitoring is the fourth phase of the security certification and accreditation process. Which activities are performed in the Continuous Monitoring phase? Each correct answer represents a complete solution. Choose all that apply.

  • A. Status reporting and documentation
  • B. Security control monitoring and impact analyses of changes to the information system
  • C. Configuration management and control
  • D. Security accreditation documentation
  • E. Security accreditation decision

Answer: ABC

NEW QUESTION 10
Which of the following documents is defined as a source document that is most useful to the ISSE when classifying the needed security functionality?

  • A. Information Protection Policy (IPP)
  • B. IMM
  • C. System Security Context
  • D. CONOPS

Answer: A

NEW QUESTION 11
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

  • A. Regulatory
  • B. Advisory
  • C. Systematic
  • D. Informative

Answer: ABD

NEW QUESTION 12
Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A support?

  • A. Registration Task 4
  • B. Registration Task 1
  • C. Registration Task 3
  • D. Registration Task 2

Answer: D

NEW QUESTION 13
You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documents will you use to achieve the above task?

  • A. IMM
  • B. CONOPS
  • C. IPP
  • D. System Security Context

Answer: B

NEW QUESTION 14
Which of the following are the benefits of SE as stated in MIL-STD-499B? Each correct answer represents a complete solution. Choose all that apply.

  • A. It develops work breakdown structures and statements of work.
  • B. It establishes and maintains configuration management of the system.
  • C. It develops needed user training equipment, procedures, and data.
  • D. It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.

Answer: ABC

NEW QUESTION 15
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register, and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months, but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

  • A. Earned value management
  • B. Risk audit
  • C. Corrective action
  • D. Technical performance measurement

Answer: C

NEW QUESTION 16
Which of the following are ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

  • A. PGP
  • B. S/MIME
  • C. TLS
  • D. IPsec

Answer: AB

NEW QUESTION 17
Which of the following individuals are part of senior management and are responsible for authorizing individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.

  • A. Chief Information Officer
  • B. AO Designated Representative
  • C. Senior Information Security Officer
  • D. User Representative
  • E. Authorizing Official

Answer: ABCE

Recommended: get the full CISSP-ISSEP dumps in VCE and PDF from Certleader. Download: https://www.certleader.com/CISSP-ISSEP-dumps.html (new 213 Q&As version)