Information Systems Security Engineering Professional Practice Test (ISSEP) Free Practice Test

Question 1

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information

A. DIACAP by the United States Department of Defense (DoD)

B. NISTIRs (Internal Reports)

C. Federal Information Processing Standard (FIPS)

D. Special Publication (SP)

Correct Answer: D

Question 2

Which of the following is the acronym of RTM

A. Requirements Testing Matrix

B. Resource tracking method

C. Resource timing method

D. Requirements Traceability Matrix

Correct Answer: D

Question 3

Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation

A. Computer Fraud and Abuse Act

B. Computer Security Act

C. Government Information Security Reform Act (GISRA)

D. Federal Information Security Management Act (FISMA)

Correct Answer: C

Question 4

You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task

A. Functional test

B. Reliability test

C. Regression test

D. Performance test

Correct Answer: A

Question 5

Which of the following elements are described by the functional requirements task Each correct answer represents a complete solution. Choose all that apply.

A. Accuracy

B. Quality

C. Coverage

D. Quantity

Correct Answer: B,C,D

Question 6

Which of the following principles are defined by the IATF model Each correct answer represents a complete solution. Choose all that apply.

A. The problem space is defined by the customer's mission or business needs.

B. The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.

C. Always keep the problem and solution spaces separate.

D. The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.

Correct Answer: A,C,D

Question 7

Which of the following characteristics are described by the DIAP Information Readiness Assessment function Each correct answer represents a complete solution. Choose all that apply.

A. It performs vulnerability threat analysis assessment.

B. It identifies and generates IA requirements.

C. It provides data needed to accurately assess IA readiness.

D. It provides for entry and storage of individual system data.

Correct Answer: A,B,C

Question 8

Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected

A. Define system security requirements

B. Develop detailed security design

C. Discover information protection needs

D. Define system security architecture

Correct Answer: C

Question 9

You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process

A. Design information systems that will meet the certification and accreditation documentation.

B. Ensure information systems are designed and developed with functional relevance.

C. Instruct systems engineers on availability, integrity, and confidentiality.

D. Identify the information protection needs.

Correct Answer: D

Question 10

Which of the following NIST documents describes that minimizing negative impact on an organization and a need for sound basis in decision making are the fundamental reasons organizations implement a risk management process for their IT systems

A. NIST SP 800-30

B. NIST SP 800-60

C. NIST SP 800-53

D. NIST SP 800-37

Correct Answer: A

Question 11

Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package

A. Initiation

B. Continuous Monitoring

C. Security Certification

D. Security Accreditation

Correct Answer: D

Question 12

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual

A. DoD 5200.22-M

B. DoD 7950.1-M

C. DoD 5200.1-R

D. DoDD 8000.1

E. DoD 8910.1

Correct Answer: B

Question 13

Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used

A. System interface

B. System firmware

C. System software

D. System hardware

Correct Answer: C

Question 14

Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented

A. Configuration status accounting

B. Configuration verification and audit

C. Configuration identification

D. Configuration control

Correct Answer: C

Welcome to TestSimulate

ISC Information Systems Security Engineering Professional Practice Test (ISSEP) Free Practice Test