ISC2 CAP Exam - Topic 5 Question 66 Discussion

Actual exam question for ISC2's CAP exam

Question #: 66
Topic #: 5

[All CAP Questions]

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?

Each correct answer represents a complete solution. Choose all that apply.

AAn ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).

BAn ISSO takes part in the development activities that are required to implement system changes.

CAn ISSE provides advice on the continuous monitoring of the information system.

DAn ISSE provides advice on the impacts of system changes.

EAn ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

Show Suggested Answer

Suggested Answer: C, D, E

by Lorean at Apr 02, 2023, 01:37 PM

Limited Time Offer

25%

Off

Get Premium CAP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Marta

5 months ago

Yep, ISSE is all about continuous monitoring advice!

upvoted 0 times

...

Hector

5 months ago

Wait, can an ISSE really manage security? That seems off.

upvoted 0 times

...

Brinda

6 months ago

Totally agree, ISSO is more about implementation!

upvoted 0 times

...

Yuki

6 months ago

I thought ISSO handled the C&A process?

upvoted 0 times

...

Maybelle

6 months ago

ISSE definitely advises on system changes.

upvoted 0 times

...

Ashley

6 months ago

I feel like both roles overlap a bit, especially with system changes, but I’m uncertain about which one manages C&A.

upvoted 0 times

...

Wilda

6 months ago

I practiced a similar question where the ISSO was involved in system changes, so I think option B might be correct.

upvoted 0 times

...

Torie

6 months ago

I think the ISSE definitely advises on continuous monitoring, but I can't recall if they manage security for C&A.

upvoted 0 times

...

Maile

6 months ago

I remember that the ISSO is more focused on the overall security management, but I'm not sure if they handle C&A directly.

upvoted 0 times

...

Buck

6 months ago

I feel pretty confident about this one. The objective of the Hi test environment is to find non-functional errors, not just functional errors, so option A is incorrect. And the HiL environment is more complex than the MiL or SiL environments, so option B is also wrong. I think the correct answer is D.

upvoted 0 times

...

Shanda

6 months ago

I feel pretty confident about this one. If Sarah was unaware that she was infringing, then she should not be found guilty. The key is establishing her state of mind.

upvoted 0 times

...

Cheryl

6 months ago

This question seems straightforward, I think the key is to identify the two required steps from the options provided.

upvoted 0 times

...

Stephanie

6 months ago

Using the customer organization's processes could work, but I'm not sure if that aligns with the service provider's own ways of working. Might be better to use their own as a starting point.

upvoted 0 times

...

Svetlana

6 months ago

Wait, I'm a bit confused. What exactly are we looking for that's "useless" when evaluating the exit criteria? I need to make sure I understand the question properly.

upvoted 0 times

...