
ISC ISSEP - ISSEP Information Systems Security Engineering Professional

Total 216 questions

The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in CONOPS? Each correct answer represents a complete solution. Choose all that apply.

A.

Strategies, tactics, policies, and constraints affecting the system

B.

Organizations, activities, and interactions among participants and stakeholders

C.

Statement of the structure of the system

D.

Clear statement of responsibilities and authorities delegated

E.

Statement of the goals and objectives of the system

Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of the DoD information systems and networks?

A.

DoD 8500.1 Information Assurance (IA)

B.

DoDI 5200.40

C.

DoD 8510.1-M DITSCAP

D.

DoD 8500.2 Information Assurance Implementation

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

A.

Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan

B.

Preserving high-level communications and working group relationships in an organization

C.

Establishing an effective continuous monitoring program for the organization

D.

Facilitating the sharing of security risk-related information among authorizing officials

Which of the following acts assigns the Chief Information Officers (CIO) with the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)?

A.

Paperwork Reduction Act

B.

Computer Misuse Act

C.

Lanham Act

D.

Clinger-Cohen Act

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

A.

Information Assurance Manager

B.

Designated Approving Authority

C.

Certification agent

D.

IS program manager

E.

User representative

Which of the following rated systems of the Orange Book has mandatory protection of the TCB?

A.

C-rated

B.

B-rated

C.

D-rated

D.

A-rated

Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed?

A.

Security Control Assessment Task 3

B.

Security Control Assessment Task 1

C.

Security Control Assessment Task 4

D.

Security Control Assessment Task 2

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

A.

Develop DIACAP strategy.

B.

Initiate IA implementation plan.

C.

Conduct validation activity.

D.

Assemble DIACAP team.

E.

Register system with DoD Component IA Program.

F.

Assign IA controls.

The functional analysis process is used for translating system requirements into detailed function criteria. Which of the following are the elements of the functional analysis process? Each correct answer represents a complete solution. Choose all that apply.

A.

Model possible overall system behaviors that are needed to achieve the system requirements.

B.

Develop concepts and alternatives that are not technology or component bound.

C.

Decompose functional requirements into discrete tasks or activities; the focus is still on technology, not functions or components.

D.

Use a top-down with some bottom-up approach verification.

Choose and reorder the steps involved in the trade-off analysis.

A.