
オンライン問題で最適なCISSP-ISSEP試験練習問題(最新の220問題)
練習問題CISSP-ISSEP素晴らしい練習用のCISSP-ISSEP - Information Systems Security Engineering Professionalテスト問題
質問 # 66
Which of the following cooperative programs carried out by NIST speed ups the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector
- A. Advanced Technology Program
- B. NIST Laboratories
- C. Manufacturing Extension Partnership
- D. Baldrige National Quality Program
正解:A
質問 # 67
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies Each correct answer represents a complete solution. Choose all that apply.
- A. Systematic
- B. Regulatory
- C. Advisory
- D. Informative
正解:B、C、D
質問 # 68
Which of the following acts promote a risk-based policy for cost effective security Each correct answer represents a part of the solution. Choose all that apply.
- A. Computer Misuse Act
- B. Paperwork Reduction Act (PRA)
- C. Clinger-Cohen Act
- D. Lanham Act
正解:B、C
質問 # 69
Which of the following tasks obtains the customer agreement in planning the technical effort
- A. Task 10
- B. Task 8
- C. Task 9
- D. Task 11
正解:D
質問 # 70
Which of the following statements is true about residual risks
- A. It is a weakness or lack of safeguard that can be exploited by a threat.
- B. It can be considered as an indicator of threats coupled with vulnerability.
- C. It is the probabilistic risk before implementing all security measures.
- D. It is the probabilistic risk after implementing all security measures.
正解:D
質問 # 71
Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document Each correct answer represents a complete solution.
Choose all that apply.
- A. It identifies the information protection problems that needs to be solved.
- B. It allocates security mechanisms to system security design elements.
- C. It identifies candidate commercial off-the-shelf (COTS)government off-the-shelf (GOTS) security products.
- D. It identifies custom security products.
正解:B、C、D
質問 # 72
Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements
- A. Classic information security model
- B. Communications Management Plan
- C. Five Pillars model
- D. Parkerian Hexad
正解:B
質問 # 73
Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives
- A. NIST SP 800-60
- B. NIST SP 800-26
- C. NIST SP 800-53A
- D. NIST SP 800-37
- E. NIST SP 800-59
- F. NIST SP 800-53
正解:B
質問 # 74
Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems
- A. Computer Fraud and Abuse Act
- B. Computer Security Act
- C. Gramm-Leach-Bliley Act
- D. Digital Millennium Copyright Act
正解:A
質問 # 75
Which of the following documents is described in the statement below It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.
- A. Risk register
- B. Risk management plan
- C. Quality management plan
- D. Project charter
正解:A
質問 # 76
Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs
- A. DAA
- B. User representative
- C. Certification Agent
- D. IS program manager
正解:D
質問 # 77
Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users
- A. Information Protection Policy (IPP)
- B. Information Systems Security Engineering (ISSE)
- C. Information systems security (InfoSec)
- D. Information Assurance (IA)
正解:C
質問 # 78
Fill in the blank with an appropriate phrase. A ____________________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requirement, or procedure.
- A. technical effort
正解:A
質問 # 79
Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems
- A. National Institute of Standards and Technology (NIST)
- B. National Security AgencyCentral Security Service (NSACSS)
- C. Committee on National Security Systems (CNSS)
- D. United States Congress
正解:C
質問 # 80
You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition process
- A. Acquisition plan
- B. Transition plan
- C. Configuration management plan
- D. Systems engineering management plan (SEMP)
正解:B
質問 # 81
Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls
- A. ATO
- B. IATO
- C. IATT
- D. DATO
正解:B
質問 # 82
Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completeness of the relationship
- A. FIPS 200
- B. FIPS 199
- C. NIST SP 800-50
- D. Traceability matrix
正解:D
質問 # 83
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation Each correct answer represents a complete solution. Choose all that apply.
- A. Secure accreditation
- B. System accreditation
- C. Type accreditation
- D. Site accreditation
正解:B、C、D
質問 # 84
During a fingerprint verification process, which of the following is used to verify identity and authentication?
- A. Sets of digits are matched with stored values
- B. A hash table is matched to a database of stored value
- C. A pressure value is compared with a stored template
- D. A template of minutiae is compared with a stored template
正解:D
質問 # 85
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process Each correct answer represents a complete solution. Choose all that apply.
- A. Assign IA controls.
- B. Initiate IA implementation plan.
- C. Register system with DoD Component IA Program.
- D. Develop DIACAP strategy.
- E. Assemble DIACAP team.
- F. Conduct validation activity.
正解:A、B、C、D、E
質問 # 86
......
リアルなCISSP-ISSEP試験別格な練習試験問題:https://www.goshiken.com/ISC/CISSP-ISSEP-mondaishu.html
100%合格率でリアルなCISSP-ISSEP試験成功ゲット:https://drive.google.com/open?id=1s77RStcMP1uC-KuhYIUWb-UKijrCsGUr