Information Systems Security Engineering Professional (CISSP – ISSEP) Sample Questions


Candidates who want to advance within their particular security discipline and who have the knowledge to incorporate security into every aspect of their organization's activities should consider the Information Systems Security Engineering Professional (CISSP-ISSEP) exam. This security engineering certification recognizes and tests a candidate's practical ability to apply systems engineering principles and processes to develop and build secure and resilient systems in the real world. This article provides a list of Information Systems Security Engineering Professional (CISSP – ISSEP) sample questions that cover the core exam domains, including:

  • Systems Security Engineering Foundations
  • Risk Management
  • Security Planning and Design
  • Systems Implementation, Verification and Validation
  • Secure Operations, Change Management and Disposal

Q1) FITSAF stands for Federal Information Technology Security Assessment Framework. It is a method for assessing the security of information systems. Which of the following FITSAF levels indicates that controls and procedures are reviewed and tested?

  • A. Level 4
  • B. Level 5
  • C. Level 1
  • D. Level 2
  • E. Level 3

Correct Answer: A

Q2) Which of the following describes a type of computer and network security management system that monitors for security weaknesses?

  • A. IPS
  • B. IDS
  • C. ASA
  • D. EAP

Correct Answer: B

Q3) Which of the following types of firewalls improves packet security by keeping track of the state of the connection at the network and session layers as data packets pass through the filter?

  • A. Stateless packet filter firewall
  • B. PIX firewall
  • C. Stateful packet filter firewall
  • D. Virtual firewall

Correct Answer: C

Q4) Which of the following federal laws is intended to prevent the theft of computer data?

  • A. Federal Information Security Management Act (FISMA)
  • B. Computer Fraud and Abuse Act (CFAA)
  • C. Government Information Security Reform Act (GISRA)
  • D. Computer Security Act

Correct Answer: B

Q5) Which of the following terms indicates that software has reached a defined level of quality and is ready for wide distribution via electronic or physical media?

  • A. ATM
  • B. RTM
  • C. CRO
  • D. DAA

Correct Answer: B

Q6) A section of your change management plan describes in detail what should happen in the project's change control system. Theresa, a junior project manager, asks about the configuration management activities that apply to scope changes. You tell her that all of the following are valid configuration management activities except one. Which one?

  • A. Configuration Item Costing
  • B. Configuration Identification
  • C. Configuration Verification and Auditing
  • D. Configuration Status Accounting

Correct Answer: A

Q7) Which of the following individuals is responsible for initiating the Certification and Accreditation (C&A) process?

  • A. Authorizing Official
  • B. Information system owner
  • C. Chief Information Officer (CIO)
  • D. Chief Risk Officer (CRO)

Correct Answer: B

Q8) Which of the following security measures addresses data and communications security concerns in the emerging Internet and intranet application space?

  • A. Internet Protocol Security (IPSec)
  • B. Common data security architecture (CDSA)
  • C. File encryptors
  • D. Application program interface (API)

Correct Answer: B

Q9) Which of the following protocols is used to establish a secure terminal session with a remote network device?

  • A. WEP
  • B. SMTP
  • C. SSH
  • D. IPSec

Correct Answer: C

Q10) Which of the following components of Registration Task 4 describes the external interfaces of the system, their functions, and the relationship between each external interface and the system?

  • A. System firmware
  • B. System software
  • C. System interface
  • D. System hardware

Correct Answer: C

Q11) Which of the following publications is recommended for the management, processing, and control of sensitive but unclassified information and for national security engineering?

  • A. Federal Information Processing Standard (FIPS)
  • B. Special Publication (SP)
  • C. NISTIRs (Internal Reports)
  • D. DIACAP by the United States Department of Defense (DoD)

Correct Answer: B

Q12) Which of the following security control assessment tasks gathers the documentation and supporting materials required to assess the security controls in the information system?

  • A. Security Control Assessment Task 4
  • B. Security Control Assessment Task 3
  • C. Security Control Assessment Task 1
  • D. Security Control Assessment Task 2

Correct Answer: C

Q13) Which of the following roles participates in the organization's configuration management process in a monitoring capacity?

  • A. Chief Information Officer
  • B. Authorizing Official
  • C. Common Control Provider
  • D. Senior Agency Information Security Officer

Correct Answer: C

Q14) Which of the following processes results in key stakeholders agreeing that a system's current configuration and operation provide adequate security controls?

  • A. Certification and accreditation (C&A)
  • B. Risk Management
  • C. Information systems security engineering (ISSE)
  • D. Information Assurance (IA)

Correct Answer: A

Q15) Phase 4 of the DITSCAP C&A process is called Post Accreditation. It begins after the system has been accredited in Phase 3. Which of the following are steps in this phase? Each correct answer represents a complete solution. Choose all that apply.

  • A. Security operations
  • B. Continue to review and refine the SSAA
  • C. Change management
  • D. Compliance validation
  • E. System operations
  • F. Maintenance of the SSAA

Correct Answer: EAFCD

Q16) Which of the following mailing lists is written for technical readers and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches, workarounds, and the actions recommended to reduce risk?

  • A. Cyber Security Tip
  • B. Cyber Security Alert
  • C. Cyber Security Bulletin
  • D. Technical Cyber Security Alert

Correct Answer: C

Q17) Which of the following tasks obtains customer agreement on the technical effort planning?

  • A. Task 9
  • B. Task 11
  • C. Task 8
  • D. Task 10

Correct Answer: B

Q18) Which of the following NIST documents are used for certification and accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.

  • A. NIST Special Publication 800-59
  • B. NIST Special Publication 800-60
  • C. NIST Special Publication 800-37A
  • D. NIST Special Publication 800-37
  • E. NIST Special Publication 800-53
  • F. NIST Special Publication 800-53A

Correct Answer: DEFAB

Q19) Which of the following elements does the functional requirements task describe? Each correct answer represents a complete solution. Choose all that apply.

  • A. Coverage
  • B. Accuracy
  • C. Quality
  • D. Quantity

Correct Answer: DCA

Q20) Which of the following sources is most useful to the ISSE when categorizing the required security functionality?

  • A. Information Protection Policy (IPP)
  • B. IMM
  • C. System Security Context
  • D. CONOPS

Correct Answer: A
