ISC issep practice test

Which of the following guidelines is recommended for engineering, protecting, managing,
processing, and controlling national security and sensitive (although unclassified) information

• A. Federal Information Processing Standard (FIPS)
• B. Special Publication (SP)
• C. NISTIRs (Internal Reports)
• D. DIACAP by the United States Department of Defense (DoD)

Which of the following Security Control Assessment Tasks gathers the documentation and supporting
materials essential for the assessment of the security controls in the information system

• A. Security Control Assessment Task 4
• B. Security Control Assessment Task 3
• C. Security Control Assessment Task 1
• D. Security Control Assessment Task 2

Which of the following professionals plays the role of a monitor and takes part in the organization's
configuration management process

• A. Chief Information Officer
• B. Authorizing Official
• C. Common Control Provider
• D. Senior Agency Information Security Officer

Which of the following processes culminates in an agreement between key players that a system in
its current configuration and operation provides adequate protection controls

• A. Certification and accreditation (C&A)
• B. Risk Management
• C. Information systems security engineering (ISSE)
• D. Information Assurance (IA)

The Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has
been accredited in Phase 3. What are the process activities of this phase Each correct answer
represents a complete solution. Choose all that apply.

• A. Security operations
• B. Continue to review and refine the SSAA
• C. Change management
• D. Compliance validation
• E. System operations
• F. Maintenance of the SSAA

Which of the following email lists is written for the technical audiences, and provides weekly
summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as
well as the actions recommended to mitigate risk

• A. Cyber Security Tip
• B. Cyber Security Alert
• C. Cyber Security Bulletin
• D. Technical Cyber Security Alert

Which of the following tasks obtains the customer agreement in planning the technical effort

• A. Task 9
• B. Task 11
• C. Task 8
• D. Task 10

Which of the following documents were developed by NIST for conducting Certification &
Accreditation (C&A) Each correct answer represents a complete solution. Choose all that apply.

• A. NIST Special Publication 800-59
• B. NIST Special Publication 800-60
• C. NIST Special Publication 800-37A
• D. NIST Special Publication 800-37
• E. NIST Special Publication 800-53
• F. NIST Special Publication 800-53A

Which of the following elements are described by the functional requirements task Each correct
answer represents a complete solution. Choose all that apply.

• A. Coverage
• B. Accuracy
• C. Quality
• D. Quantity

Which of the following documents is defined as a source document, which is most useful for the ISSE
when classifying the needed security functionality

• A. Information Protection Policy (IPP)
• B. IMM
• C. System Security Context
• D. CONOPS