You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well defined phases. In which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur?
A. Continuous Monitoring
B. Initiation
C. ...

Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter?
A. Stateless packet filter firewall
B. PIX firewall
C. Stateful packet filter firewall
D. Virtual firewall
Answer: C

Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer represents a complete solution. Choose all that apply.
A. It identifies the information protection problems that need to be solved.
B. It...

Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?
A. National Security Agency/Central Security Service (NSA/CSS)
B. National Institute of Standards and Technology (NIST)
C. United States...

What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.
A. Conduct activities related to the disposition of the system data and objects.
B. Combine validation results in DIACAP scorecard.
C. ...

Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism?
A. Internet Key Exchange (IKE) Protocol
B. S/MIME
C. Internet Protocol Security (IPSec)
D. Secure Socket Layer (SSL)
Answer: C

Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business-related information available today?
A. DISA
B. DIAP
C. DTIC
D. DARPA
Answer: C

Which of the following refers to a process that is used for implementing information security?
A. Classic information security model
B. Certification and Accreditation (C&A)
C. Information Assurance (IA)
D. Five Pillars model
Answer: B

What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.
A. Integrates security considerations into application and system purchasing decisions and development projects.
B. Ensures that the necessary security controls are in place.
C. Ensures that adequate security is being provided...

SIMULATION
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.
Answer: residual risk