CISSP-ISSEP Practice Test

Which of the following identifies the different functions a system will need to perform in order to meet the documented business need?
A collection of information objects that share the same security policy for access is
DOD Information Systems should only be interconnected under the following circumstances
What is the level of impact if the information label is Moderate?
What is necessary in order to determine the appropriate security category?
Who is responsible for defining the solution space?
Which requirement does NIST SP 800-59 tell us is required in order to be defined as a National Security System?
What phase of the ISSE defines the information management model and protections?
When should the System Design Review (SDR) take place?
What is the level of impact if the information label is High?
Which philosophy is established by NSTISSI 7003 Protected Distribution Systems (PDS)?
A Target of Evaluation could be described as:
Which is not a class of attack according to the IATF?
Who is the best source of knowledge of potential threats?
What aspects are taken into account when defining a Mission Assurance Category (MAC)?
Information Systems Security Engineering (ISSE) is best defined as:
FIPS Pub 199 uses what term when referring to a HIGH impact?
FISMA was created by what organization?
Which of the following is not a requirement of OMB A-130?
The IATF has three primary elements for defense in depth. Which of the below is not one of these elements?
NIST SP 800-37 does not address
Which is not a primary task included in the Information Management Plan (IMP)?
Which of the following describes the Discover Information Protection needs phase?
Who provides an independent assessment of the security plan?
What IATF phase includes creating the Information Management Model (IMM)?
What is the level of impact if the information label is LOW?
What document is key to the design and development processes?
Which statement most accurately defines residual risk?
After the Design System Architecture phase is completed, what occurs next?
Which IATF systems engineering activity follows "Discover Needs"?
Who SUPPORTS the C&A process during development?
Risk assessment begins in which IATF phase?
What is the correct order of the six IATF systems engineering activities?
Which is not an element in the IATF Defense in Depth Strategy?
Which statement is not correct?
_____ defines the hardware, software, and interfaces used to develop a system.
Which step is not addressed during the NIST SP 800-60 analysis?
The Waterfall design methodology is best described as:
The Information Management Plan (IMP) helps determine
What ISSE phase defines the security needed for a system?
How does FIPS 199 define LOW impact items?

Comments

  1. VickM says:

    These are really difficult, I hope the actual test isn’t this bad.

  2. s0ndra says:

    Where are the answers?

  3. LT says:

    I have noticed a few incorrect answers in this practice exam. One question asks about the SE processes but the answer relates to ISSE processes. You can tell because the word “Security” is not in the question but appears in the answer. Be careful on the exam as I have heard that this is a “gotcha” type of question.

  4. LT says:

    The answer to this question is incorrect.

    Who is responsible for defining the solution space?

    The answer given states it is the customer, but the customer defines the “problem” space and the SE and ISSE define the “solution” space.

  5. bmc says:

    Thank you for providing this resource

  6. D James says:

    Very informative
