ISSEP Demo and Sample
Note: Answers are below each question.
Samples are taken from the full version.
Adjustments: Contingency plans and exceptions should be generated so that the residual risk is above the acceptable threshold.
Which of the following types of CNSS issuances establishes criteria, and assigns responsibilities?
The various CNSS issuances are as follows:
Policies: Assign responsibilities and establish criteria (NSTISSP or CNSSP).
Directives: Establish or describe policy and programs, provide authority, or assign responsibilities (NSTISSD).
Instructions: Describe how to implement a policy or prescribe the manner in which a policy is carried out (NSTISSI).
Advisory memoranda: Provide guidance on policy and may cover a variety of topics involving information assurance, telecommunications security, and network security (NSTISSAM).
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?
Type III cryptography
Type III (E) cryptography
Type II cryptography
Type I cryptography
The types of cryptography defined by FIPS 185 are as follows:
Type I cryptography: A cryptographic algorithm or tool accepted by the National Security Agency for protecting classified information.
Type II cryptography: A cryptographic algorithm or tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems described in Section 2315 of Title 10, United States Code, or Section 3502(2) of Title 44, United States Code.
Type III cryptography: A cryptographic algorithm or tool accepted as a Federal Information Processing Standard.
Type III (E) cryptography: A Type III algorithm or tool that is accepted for export from the United States.
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
Building risk-free systems
Assuring the integrity of organizational data
Answer: A, D
The following are the two major tasks of risk management:
1. Risk identification
2. Risk control
Risk identification is the task of examining and documenting the security posture of an organization's information technology and the risks it faces. Risk control is the task of applying controls to reduce risks to an organization's data and information systems. Answer options B and C are incorrect. Building risk-free systems and assuring the integrity of organizational data are tasks related to the implementation of security measures.
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
Quantitative risk analysis
Qualitative risk analysis
Of all the choices presented, only requested changes are an output of the Monitor and Control Risks process. Other outputs include risk register updates, recommended corrective and preventive actions, organizational process asset updates, and updates to the project management plan. Answer options D and A are incorrect; these are risk management planning processes. Answer option B is incorrect; a risk audit is a risk monitoring and control technique, not an output.
Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring process?
Each correct answer represents a complete solution. Choose all that apply.
Status reporting and documentation
Security control monitoring and impact analyses of changes to the information system
Configuration management and control
Security accreditation documentation
Security accreditation decision
Answer: C, B, A
Continuous Monitoring is the fourth phase of the security certification and accreditation process. The Continuous Monitoring process consists of the following three main activities:
Configuration management and control
Security control monitoring and impact analyses of changes to the information system
Status reporting and documentation
The objective of these tasks is to observe and evaluate the information system security controls during the system life cycle. These tasks determine whether the changes that have occurred will negatively impact the system security. Answer options E and D are incorrect. Security accreditation decision and security accreditation documentation are the two tasks of the security accreditation phase.
Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?
Answer option A is incorrect. The Defense Technical Information Center (DTIC) is a repository of scientific and technical documents for the United States Department of Defense. DTIC serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business-related information available today. DTIC's documents are available to DoD personnel and defense contractors, with unclassified documents also available to the public. DTIC's aim is to serve as a vital link in the transfer of information among DoD personnel, DoD contractors, potential contractors, and other U.S. Government agency personnel and their contractors.
Answer option D is incorrect. The Defense Advanced Research Projects Agency (DARPA) is an agency of the United States Department of Defense responsible for the development of new technology for use by the military. DARPA has been responsible for funding the development of many technologies which have had a major effect on the world, including computer networking, as well as NLS, which was both the first hypertext system and an important precursor to the contemporary ubiquitous graphical user interface. DARPA supplies technological options for the entire Department and is designed to be the "technological engine" for transforming DoD.
Answer option C is incorrect. The Defense-wide Information Assurance Program (DIAP) protects and supports DoD information, information systems, and information networks, which are important to the Department and the armed forces throughout day-to-day operations and in times of crisis. The DIAP uses the OSD method to plan, observe, organize, and incorporate IA activities. The role of DIAP is to act as a facilitator for program execution by the combatant commanders, Military Services, and Defense Agencies. The DIAP staff combines functional and programmatic skills for a comprehensive Defense-wide approach to IA.
The DIAP's main objective is to ensure that the DoD's vital information resources are secured and protected by incorporating IA activities to get a secure net-centric GIG operation enablement and information supremacy by applying a Defense-in-Depth