December 9, 2020 by admin

ISC ISSEP practice test

Welcome to your ISC ISSEP practice test

QUESTION 1
Certification and Accreditation (C&A or CNA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?
A. Definition, Validation, Verification, and Post Accreditation
B. Verification, Definition, Validation, and Post Accreditation
C. Verification, Validation, Definition, and Post Accreditation
D. Definition, Verification, Validation, and Post Accreditation

QUESTION 2
Which of the following is a type of security management for computers and networks in order to identify security breaches?
A. IPS
B. IDS
C. ASA
D. EAP

QUESTION 3
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability?
A. MAC I
B. MAC II
C. MAC IV
D. MAC III

QUESTION 4
What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply. (Choose three)
A. Integrates security considerations into application and system purchasing decisions and development projects.
B. Ensures that the necessary security controls are in place.
C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

QUESTION 5
Which of the following protocols is built in the Web server and browser to encrypt data traveling over the Internet?
A. UDP
B. SSL
C. IPSec
D. HTTP

QUESTION 6
Which of the following are the functional analysis and allocation tools? Each correct answer represents a complete solution. Choose all that apply. (Choose three)
A. Functional flow block diagram (FFBD)
B. Activity diagram
C. Timeline analysis diagram
D. Functional hierarchy diagram

QUESTION 7
Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system?
A. Data security requirement
B. Network connection rule
C. Applicable instruction or directive
D. Security concept of operation

QUESTION 8
Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.
Correct Answer: System Analysis

QUESTION 9
Which of the following Registration Tasks sets up the business or operational functional description and system identification?
A. Registration Task 2
B. Registration Task 1
C. Registration Task 3
D. Registration Task 4

QUESTION 10
Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?
A. User Representative
B. Program Manager
C. Certifier
D. DAA

QUESTION 11
Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?
A. ISO 9001:2000
B. Benchmarking
C. SEI-CMM
D. Six Sigma

QUESTION 12
Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply. (Choose four)
A. Assessment of the Analysis Results
B. Certification analysis
C. Registration
D. System development
E. Configuring refinement of the SSAA

QUESTION 13
In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls?
A. Establishing the interconnection
B. Planning the interconnection
C. Disconnecting the interconnection
D. Maintaining the interconnection