Free Information Systems Security Engineering Professional ISSEP Exam Practice Test

Which of the following DITSCAP/NIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase?VerificationValidationPost accreditationDefinition

• The objective of the validation phase is to show the required evidence to support the DAA in accreditation process.
• Post Accreditation: The Post Accreditation is the final phase of DITSCAP assessment and it starts after the system has been certified and accredited for operations. This phase ensures secure system management, operation, and maintenance to save an acceptable level of residual risk.

Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

• Auditing
• Initiation
• Continuous Monitoring
• Detection

Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system?

• System firmware
• System software
• System interface
• System hardware

Fill in the blank with an appropriate phrase. seeks to improve the quality of process outputs by identifying and removing the causesof defects and variability in manufacturing and business processes.

DoD 8500.2 establishes IA controls for information systems according to the Mission AssuranceCategories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability?

• MAC I
• MAC II
• MAC IV
• MAC III

You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process?

• Design information systems that will meet the certification and accreditation documentation.
• Identify the information protection needs.
• Ensure information systems are designed and developed with functional relevance.
• Instruct systems engineers on availability, integrity, and confidentiality.

Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?

• Security Control Assessment Task 4
• Security Control Assessment Task 3
• Security Control Assessment Task 1
• Security Control Assessment Task 2

Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?Definition, Validation, Verification, and Post AccreditationVerification, Definition, Validation, and Post AccreditationVerification, Validation, Definition, and Post AccreditationDefinition, Verification, Validation, and Post Accreditation

• The objective of the validation phase is to show the required evidence to support the DAA in accreditation process.
• Post Accreditation: The Post Accreditation is the final phase of DITSCAP assessment and it starts after the system has been certified and accredited for operations. This phase ensures secure system management, operation, and maintenance to save an acceptable level of residual risk.

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation?Each correct answer represents a complete solution. Choose all that apply.

• Type accreditation
• Site accreditation
• System accreditation
• Secure accreditation

Which of the following CNSS policies describes the national policy on use of cryptomaterial by activities operating in high risk environments?

• CNSSP No. 14
• NCSC No. 5
• NSTISSP No. 6
• NSTISSP No. 7