ISSEP Misc Exam Questions And Accurate Answers (A+ Graded), Exams of Advanced Education

Typology: Exams

2024/2025

Available from 05/09/2025

lyudmila-hanae

SDLC Phases - Solution

  • Initiation: need for system is expressed/documented
  • Development/Acquisition: system designed, purchased and developed
  • Implementation/Assessment
  • Operation/Maintenance
  • Disposal

CNSSP 14 Solution Disposition of security information to contractors and other non-government personnel

CNSSP 15 Solution AES

CNSSD 500 Solution IA training, awareness, etc

INFOSEC 2-00 Solution NIAP partnership notification

CNSSP 6 Solution C&A

CNSSP 7 Solution commercial solutions

CNSSP 11 - Response acquisition of IA enabled products

CNSSP 35 - Response PKI

NSTISSP 101 - Response secure voice comms

NACSI 6002 - Response National comsec instruction exchange of classified information with contractors

CNSS IA 1-04 - Response Defense in Depth

NIST 800-30 - Response Risk Assessment

NIST 800-25 - Response PKI

NIST 800-88 - Response Media Sanitization

NIST 800-27a - Response Security engineering principles

NIST 800-100 - Response Info security handbook for manager

NIST 800-122 - Answer Protecting Confidentiality of PII

NIST 800-128 - Answer CM

FIPS 180 - Answer SHA

FIPS 186 - Answer DES

hash, pp key pair, message digest

ISO 21827 - Comment SSE-CMM

ISO 26703 - Comment Tasks throughout SDLC

ISO 27001 - Comment Information Security Management

risk - Answer likelihood of threat source exercising a potential vulnerability and the resulting impact

Risk Management - Answer Risk Assessment Risk Mitigation Evaluation & Assessment

DoD 5000.2 - Answer DoD Acquisition Process

DoD 5220.22-M - Answer NISPOM

Managing access to classified information for private industry

OMB M-00-7 - Answer Funding security

Computer Security Act of 1987 - Answer

  • minimum acceptable security practices
  • assigns responsibility to NIST for developing standards and guidelines
  • Mandatory periodic training

E-Gov Act of 2002 - Answer FISMA Title III

  • federal agencies are required to provide security
  • we must secure our systems

DIACAP DIP - Answer strategy for system implementation

DIACAP Phases - Answer

  • Initiate & Plan (reg sys, assign controls, assemble team, start DIP)
  • Implement & Validate (validate, POAM, scorecard)
  • Make C&A Decision
  • Maintain ATO
  • Decommission

DoD 8510 - Answer DIACAP

DITSCAP/NIACAP Phases - Answer

  • Definition (boundaries, draft SSAA, tailor process/scope)
  • Development of verification system, start C&A document outcome of C&A
  • Validation test & C&A
  • Post-Accreditation system operation, security operations, C&M/Change Control Maintain SSAA

NIST Assessment Process - Prepare Plan Conduct assessment Analyze reports

OMB A-11 - Budget prep

Risk Management Process Steps

  • Frame establish the risk context; produces risk management strategy
  • Assess output: determine risk
  • Respond
  • Monitor

conduct BIA identify preventative controls develop recovery strategies develop contingency plan plan, testing, training, exercise, plan maintenance

CNSSI 4012 - Answer Training Standard for Senior System Managers

CNSSI 4013 - Answer Training Standard for SA's

CNSSI 4014 - Training Standard for System Security Officers

CNSSI 4015 - Training Standard for Certifying Officials

CNSSI 4016 - Training Standard for Risk Analysts

NIST 800-47 - Interconnections planning, establishing, maintaining, disconnecting

NIST 800-94 - IDS

NSTISSAM/COMPUSEC 1-98 - Firewalls/Guards

NCSC 5 - National Communications Security Committee Use of Crypto material in high-risk environment

DoDD 8100.1 - GIG overarching policy

Clinger-Cohen Act

ISO 15504 - SPICE

Framework for software process evaluation (5)

OCTAVE - Answer

Project Management - Answer Initiate Plan Execute Govern Control Close

SSE CMM - Answer

  1. Initial (Done informally)
  2. Repeatable (documented & measured)
  3. Well Defined
  4. Controlled (measured & controlled)
  5. Optimizing

SEMP - Answer System Engineering Management Plan unifies several integrated plans

Six Sigma - Answer Risk Based Strategic Assessment

Technical Effort Planning - Answer

  • Estimate Project Scope
  • Identify resources & availability
  • identify roles/responsibilities
  • estimate project costs
  • develop project schedule
  • identify technical activities
  • identify deliverables
  • define management interfaces

information objects

IMP - Answer Information Management Plan

identifies mission need IMM IPP

likelihood - Answer threat * vulnerability

PNE Docs - Answer Project Plan/Task Definition Customer Documentation IMM IPP

risk = - Answer likelihood * consequences

Solution Sets - Answer System context preliminary CONOPS system requirements

IATF information system areas - Answer LAN Enclave network * infrastructure support infrastructure

SDLC/(Security Engineering + System Engineering) - Answer Secure System

ICD 503 - Answer Risk management C&A