Question # 4

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

A. Phase 4
B. Phase 2
C. Phase 1
D. Phase 3

Question # 5

What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

A. Conduct activities related to the disposition of the system data and objects.
B. Combine validation results in DIACAP scorecard.
C. Conduct validation activities.
D. Execute and update IA implementation plan.

Question # 6

Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

A. Risk Adjustments
B. Security Certification and Accreditation (C&A)
C. Vulnerability Assessment and Penetration Testing
D. Change and Configuration Control

Question # 7

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?

A. Type III cryptography
B. Type III (E) cryptography
C. Type II cryptography
D. Type I cryptography

Question # 8

Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

A. Risk identification
B. Building risk-free systems
C. Assuring the integrity of organizational data
D. Risk control

Question # 9

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.

A. What is being secured
B. Who is expected to comply with the policy
C. Where is the vulnerability, threat, or risk
D. Who is expected to exploit the vulnerability

Question # 10

Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

A. The level of detail must define exactly the risk response for each identified risk.
B. The level of detail is set by project risk governance.
C. The level of detail is set by historical information.
D. The level of detail should correspond with the priority ranking.

Question # 11

Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those tempted to commit crimes by unauthorized access to computers?

A. Computer Fraud and Abuse Act
B. Government Information Security Reform Act (GISRA)
C. Computer Security Act
D. Federal Information Security Management Act (FISMA)

Question # 12

Which of the following protocols is built into the Web server and browser to encrypt data traveling over the Internet?

A. UDP
B. SSL
C. IPSec
D. HTTP

Question # 13

Which of the following Registration Tasks sets up the system architecture description and describes the C&A boundary?

A. Registration Task 3
B. Registration Task 4
C. Registration Task 2
D. Registration Task 1

Question # 14

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Choose all that apply.

A. Organization of information security
B. Human resources security
C. Risk assessment and treatment
D. AU audit and accountability

Question # 15

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
B. An ISSE provides advice on the impacts of system changes.
C. An ISSE provides advice on the continuous monitoring of the information system.
D. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
E. An ISSO takes part in the development activities that are required to implement system changes.

Question # 16

Which of the following processes provides guidance to the system designers and forms the basis of major events in the acquisition phases, such as testing the products for system integration?

A. Operational scenarios
B. Functional requirements
C. Human factors
D. Performance requirements

Question # 17

Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information?

A. National Institute of Standards and Technology (NIST)
B. National Security Agency/Central Security Service (NSA/CSS)
C. Committee on National Security Systems (CNSS)
D. United States Congress

Question # 18

Which of the following is a 1996 United States federal law designed to improve the way the federal government acquires, uses, and disposes of information technology?

A. Lanham Act
B. Clinger-Cohen Act
C. Computer Misuse Act
D. Paperwork Reduction Act

Question # 19

The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as change management approval processes?

A. Section 3.1.8
B. Section 3.1.9
C. Section 3.1.5
D. Section 3.1.7

Question # 20

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

A. Corrective controls
B. Safeguards
C. Detective controls
D. Preventive controls

Question # 21

Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.

A. residual risk

Question # 22

Which of the following memorandums directs the Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing it?

A. OMB M-99-18
B. OMB M-00-13
C. OMB M-03-19
D. OMB M-00-07

Question # 23

Which of the following NIST documents describes that minimizing negative impact on an organization and a need for a sound basis in decision making are the fundamental reasons organizations implement a risk management process for their IT systems?

A. NIST SP 800-37
B. NIST SP 800-30
C. NIST SP 800-53
D. NIST SP 800-60

Question # 24

Which of the following is NOT an objective of the security program?

A. Security education
B. Information classification
C. Security organization
D. Security plan

Question # 25

Which of the following assessment methodologies defines a six-step technical security evaluation?

A. FITSAF
B. OCTAVE
C. FIPS 102
D. DITSCAP

Question # 26

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard?

A. Type III (E) cryptography
B. Type III cryptography
C. Type I cryptography
D. Type II cryptography

Question # 27

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

A. Regulatory
B. Advisory
C. Systematic
D. Informative

Question # 28

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards? Each correct answer represents a complete solution. Choose all that apply.

A. CA Certification, Accreditation, and Security Assessments
B. Information systems acquisition, development, and maintenance
C. IR Incident Response
D. SA System and Services Acquisition

Question # 29

Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?

A. Configuration Identification
B. Configuration Verification and Audit
C. Configuration Status and Accounting
D. Configuration Control

Question # 30

According to which of the following DoD policies is the implementation of DITSCAP mandatory for all the systems that process both DoD classified and unclassified information?

A. DoD 8500.2
B. DoDI 5200.40
C. DoD 8510.1-M DITSCAP
D. DoD 8500.1 (IAW)

Question # 31

Which of the following federal laws are related to hacking activities? Each correct answer represents a complete solution. Choose three.

A. 18 U.S.C. 1030
B. 18 U.S.C. 1029
C. 18 U.S.C. 2510
D. 18 U.S.C. 1028

Question # 32

Fill in the blank with an appropriate word. _______ has the goal to securely interconnect people and systems independent of time or location.

A. Netcentric