Free ISC2 ISSEP Exam Questions
Try our Free Demo Practice Tests for Comprehensive ISSEP Exam Preparation
-
ISC2 ISSEP Exam Questions
-
Provided By: ISC2
- Exam: Information Systems Security Engineering Professional
- Certification: CISSP Concentrations
-
Total Questions: 220
-
Updated On: Feb 18, 2025
-
Rated: 4.9 |
-
Online Users: 440
-
Question 1
-
Your project has several risks that may cause serious financial impact should they happen. You havestudied the risk events and made some potential risk responses for the risk events but managementwants you to do more. They'd like for you to create some type of a chart that identified the riskprobability and impact with a financial amount for each risk event. What is the likely outcome ofcreating this type of chart?
Answer: D
-
-
Question 2
-
In which of the following DIACAP phases is residual risk analyzed?
Answer: A
-
In which of the following DIACAP phases is residual risk analyzed?
-
Question 3
-
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is
a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and
Accreditation? Each correct answer represents a complete solution. Choose two.
Answer: B,C
-
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is
a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and
Accreditation? Each correct answer represents a complete solution. Choose two.
-
Question 4
-
Della works as a security engineer for BlueWell Inc. She wants to establish configuration
management and control procedures that will document proposed or actual changes to the
information system. Which of the following phases of NIST SP 800-37 C&A methodology will define
the above task?
Answer: D
-
Della works as a security engineer for BlueWell Inc. She wants to establish configuration
management and control procedures that will document proposed or actual changes to the
information system. Which of the following phases of NIST SP 800-37 C&A methodology will define
the above task?
-
Question 5
-
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight InformationAssurance (IA) areas, and the controls are referred to as IA controls. Which of the following areamong the eight areas of IA defined by DoD?Each correct answer represents a complete solution. Choose all that apply
Answer: A,B,C
-