Free Practice Questions for ISC2 ISSEP Exam

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?Each correct answer represents a complete solution. Choose all that apply.

• An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
• An ISSE provides advice on the impacts of system changes.
• An ISSE provides advice on the continuous monitoring of the information system.
• An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
• An ISSO takes part in the development activities that are required to implement system changes.

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

• Level 4
• Level 5
• Level 1
• Level 2
• Level 3

What NIACAP certification levels are recommended by the certifier?Each correct answer represents a complete solution. Choose all that apply.

• Basic System Review
• Basic Security Review
• Maximum Analysis
• Comprehensive Analysis
• Detailed Analysis F.Minimum Analysis

Fill in the blank with an appropriate phrase.The process is used for allocating performance and designing the requirements to each function.

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer?Each correct answer represents a complete solution. Choose all that apply.

• Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
• Preserving high-level communications and working group relationships in an organization
• Establishing effective continuous monitoring program for the organization
• Facilitating the sharing of security risk-related information among authorizing officials

Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?

• ATM
• RTM
• CRO
• DAA

Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?

• IATO
• DATO
• ATO
• IATT

Which of the following protocols is built in the Web server and browser to encrypt data traveling over the Internet?

• UDP
• SSL
• IPSec
• HTTP

Fill in the blank with an appropriate phrase. seeks to improve the quality of process outputs by identifying and removing the causesof defects and variability in manufacturing and business processes.

Fill in the blank with an appropriate section name. is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.