ISC2 Information Systems Security Engineering Professional Exam

Certification Provider: ISC2
Exam Name: Information Systems Security Engineering Professional
Duration: 150 Minutes
Number of questions in our database: 220
Exam Version: Nov. 23, 2022
Exam Official Topics:
  • Topic 1: Systems Security Engineering Foundations
  • Topic 2: Risk Management
  • Topic 3: Security Planning and Design
  • Topic 4: Systems Implementation, Verification and Validation
  • Topic 5: Secure Operations, Change Management and Disposal

Free ISC2 Information Systems Security Engineering Professional Exam Actual Questions

The questions for Information Systems Security Engineering Professional were last updated On Nov. 23, 2022

Question #1

Which of the following tasks describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully?

Correct Answer: D

Estimate Project Scope is the first task of the Planning the Effort process. It describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully, and it is used to accurately describe the deliverables expected from the project.

Answer option C is incorrect. Identify Resources and Availability is the second task of the Planning the Effort process. It helps to complete and maintain a project and ensures that an organization has the proper people, skills, and other resources.

Answer option A is incorrect. Identify Roles and Responsibilities is the third task of the Planning the Effort process; it specifies the numbers and types of personnel required to conduct the project.

Answer option B is incorrect. Develop Project Schedule is the fifth task of the Planning the Effort process. It determines the start and finish dates for project activities and tasks.


Question #2

System Authorization is a risk management process. The System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of the System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

Correct Answer: A, B, D, E

The creation of a System Authorization Plan (SAP) is mandated by System Authorization. The SAP is a comprehensive and uniform approach to the System Authorization Process. It consists of four phases:

Phase 1 - Pre-certification
Phase 2 - Certification
Phase 3 - Authorization
Phase 4 - Post-Authorization


Question #3

Which of the following CNSS policies describes the national policy on securing voice communications?

Correct Answer: C

The various CNSS policies are as follows:

NSTISSP No. 6: Describes the national policy on certification and accreditation of national security telecommunications and information systems.
NSTISSP No. 7: Describes the national policy on secure electronic messaging service.
NSTISSP No. 11: Describes the national policy governing the acquisition of information assurance (IA) and IA-enabled Information Technology (IT) products.
NSTISSP No. 101: Describes the national policy on securing voice communications.
NSTISSP No. 200: Describes the national policy on controlled access protection.
CNSSP No. 14: Describes the national policy governing the release of information assurance products and services to authorized U.S. persons or activities that are not a part of the federal government.
NCSC No. 5: Describes the national policy on use of cryptomaterial by activities operating in high risk environments.


Question #4

Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?

Correct Answer: D

The phases of the NIST SP 800-37 C&A methodology are as follows:

Phase 1: Initiation - This phase includes preparation, notification and resource identification, and performs the security plan analysis, update, and acceptance.
Phase 2: Security Certification - This phase evaluates the security controls and the supporting documentation.
Phase 3: Security Accreditation - This phase examines the residual risk for acceptability, and prepares the final security accreditation package.
Phase 4: Continuous Monitoring - This phase covers configuration management and control, ongoing security control verification, and status reporting and documentation.

Note that these four phases come from the original 2004 edition of NIST SP 800-37. Revision 1 (2010) replaced the C&A phases with the six-step Risk Management Framework (Categorize, Select, Implement, Assess, Authorize, Monitor), and Revision 2 (2018) added a Prepare step.


Question #5

Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

Correct Answer: B, C

The Certification and Accreditation (C&A) process consists of four distinct phases:

1. Initiation
2. Security Certification
3. Security Accreditation
4. Continuous Monitoring

The C&A activities can be applied to an information system at appropriate phases in the system development life cycle by selectively tailoring the various tasks and subtasks.

Answer options A and D are incorrect. Auditing and detection are not phases of the Certification and Accreditation process.


