ISC ISSEP - ISSEP Information Systems Security Engineering Professional

Total 216 questions

FIPS 199 defines three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of loss of confidentiality, integrity, or availability at a high level of potential impact?

A. The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent.

B. The loss of confidentiality, integrity, or availability might result in major financial losses.

C. The loss of confidentiality, integrity, or availability might result in a major damage to organizational assets.

D. The loss of confidentiality, integrity, or availability might result in severe damages like life threatening injuries or loss of life.

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

A. Risk acceptance

B. Risk mitigation

C. Risk avoidance

D. Risk transfer

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

A. ASSET

B. NSA-IAM

C. NIACAP

D. DITSCAP

Phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.

A. Agree on a strategy to mitigate risks.

B. Evaluate mitigation progress and plan next assessment.

C. Identify threats, vulnerabilities, and controls that will be evaluated.

D. Document and implement a mitigation plan.

You work as a Network Administrator for PassGuide Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security?

A. HTTP

B. VPN

C. SMIME

D. SSL

According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

A. DC Security Design & Configuration

B. EC Enclave and Computing Environment

C. VI Vulnerability and Incident Management

D. Information systems acquisition, development, and maintenance

Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

A. Phase 3

B. Phase 2

C. Phase 4

D. Phase 1

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

A. Risk management plan

B. Project charter

C. Quality management plan

D. Risk register

Which of the following terms describes the measures that protect and support information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

A. Information Systems Security Engineering (ISSE)

B. Information Protection Policy (IPP)

C. Information systems security (InfoSec)

D. Information Assurance (IA)

Stella works as a system engineer for BlueWell Inc. She wants to identify the performance thresholds of each build. Which of the following tests will help Stella to achieve her task?

A. Regression test

B. Reliability test

C. Functional test

D. Performance test