Which of the following documents were developed by NIST for conducting Certification and Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.
A. NIST Special Publication 800-59
B. NIST Special Publication 800-60
C. NIST Special Publication 800-37A
D. NIST Special Publication 800-37
E. NIST Special Publication 800-53
F. NIST Special Publication 800-53A
You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well-defined phases. In which of the following phases of the NIST SP 800-37 C&A methodology does the security categorization occur?
A. Continuous Monitoring
B. Initiation
C. Security Certification
D. Security Accreditation
Which of the following acts promote a risk-based policy for cost-effective security? Each correct answer represents a part of the solution. Choose all that apply.
A. Clinger-Cohen Act
B. Lanham Act
C. Paperwork Reduction Act (PRA)
D. Computer Misuse Act
Which of the following tasks prepares the technical management plan in planning the technical effort?
A. Task 10
B. Task 9
C. Task 7
D. Task 8
NIST SP 800-53A defines three types of interviews, depending on the level of assessment conducted. Which of the following NIST SP 800-53A interview types consists of informal and ad hoc interviews?
A. Abbreviated
B. Significant
C. Substantial
D. Comprehensive
Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?
A. Trusted computing base (TCB)
B. Common data security architecture (CDSA)
C. Internet Protocol Security (IPSec)
D. Application program interface (API)
Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?
A. User Representative
B. Program Manager
C. Certifier
D. DAA
Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address?
A. Circuit-level gateway
B. Application gateway
C. Proxy server
D. Packet Filtering
FIPS 199 defines three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of a loss of confidentiality, integrity, or availability at the high level of potential impact?
A. The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent.
B. The loss of confidentiality, integrity, or availability might result in major financial losses.
C. The loss of confidentiality, integrity, or availability might result in a major damage to organizational assets.
D. The loss of confidentiality, integrity, or availability might result in severe damages such as life-threatening injuries or loss of life.
Fill in the blank with an appropriate phrase. _________________ is used to verify and accredit systems by establishing a standard process, set of activities, general tasks, and management structure.