
ベストな準備プランCISSP-ISSEP試験2025年最新のCISSP Concentrations無制限220問題
注目すべき時短になるCISSP-ISSEPオールインワン試験ガイド
質問 # 128
Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy
- A. Directives
- B. Instructions
- C. Advisory memoranda
- D. Policies
正解:B
質問 # 129
Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life
- A. Committee on National Security Systems (CNSS)
- B. National Security Agency (NSA)
- C. United States Congress
- D. National Institute of Standards and Technology (NIST)
正解:D
質問 # 130
Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document Each correct answer represents a complete solution. Choose all that apply.
- A. It allocates security mechanisms to system security design elements.
- B. It identifies candidate commercial off-the-shelf (COTS)government off-the-shelf (GOTS) security products.
- C. It identifies custom security products.
- D. It identifies the information protection problems that needs to be solved.
正解:A、B、C
解説:
Explanation
質問 # 131
You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed
- A. Discover information protection needs
- B. Define system security architecture
- C. Define system security requirements
- D. Develop detailed security design
正解:C
質問 # 132
Which of the following processes provides guidance to the system designers and form the basis of major events in the acquisition phases, such as testing the products for system integration
- A. Functional requirements
- B. Performance requirements
- C. Operational scenarios
- D. Human factors
正解:C
解説:
Explanation/Reference:
質問 # 133
Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards Each correct answer represents a complete solution. Choose all that apply.
- A. Information systems acquisition, development, and maintenance
- B. CA Certification, Accreditation, and Security Assessments
- C. IR Incident Response
- D. SA System and Services Acquisition
正解:B、C、D
質問 # 134
The functional analysis process is used for translating system requirements into detailed function criteria. Which of the following are the elements of functional analysis process? Each correct answer represents a complete solution. Choose all that apply.
- A. Decompose functional requirements into discrete tasks or activities, the focus is still on technology not functions or components.
- B. Model possible overall system behaviors that are needed to achieve the system requirements.
- C. Develop concepts and alternatives that are not technology or component bound.
- D. Use a top-down with some bottom-up approach verification.
正解:B、C、D
質問 # 135
Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct support to joint warfighters, National level leaders, and other mission and coalition partners across the full spectrum of operations
- A. DARPA
- B. DTIC
- C. DISA
- D. DIAP
正解:C
質問 # 136
SIMULATION
Fill in the blank with an appropriate phrase. _________________ is used to verify and accredit systems by making a standard process, set of activities, general tasks, and management structure.
正解:
解説:
DITSCAPNIACAP
質問 # 137
Which of the following acts assigns the Chief Information Officers (CIO) with the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)
- A. Lanham Act
- B. Computer Misuse Act
- C. Paperwork Reduction Act
- D. Clinger Cohen Act
正解:D
質問 # 138
Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media
- A. ATM
- B. CRO
- C. RTM
- D. DAA
正解:C
質問 # 139
Which of the following protocols is built in the Web server and browser to encrypt data traveling over the Internet
- A. HTTP
- B. UDP
- C. IPSec
- D. SSL
正解:D
質問 # 140
Which of the following DITSCAPNIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase
- A. Definition
- B. Verification
- C. Validation
- D. Post accreditation
正解:B
質問 # 141
Which of the following individuals are part of the senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.
- A. Senior Information Security Officer
- B. User Representative
- C. Authorizing Official
- D. Chief Information Officer
- E. AO Designated Representative
正解:A、C、D、E
質問 # 142
Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter
- A. PIX firewall
- B. Stateless packet filter firewall
- C. Virtual firewall
- D. Stateful packet filter firewall
正解:D
質問 # 143
Which of the following email lists is written for the technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk
- A. Cyber Security Bulletin
- B. Cyber Security Tip
- C. Cyber Security Alert
- D. Technical Cyber Security Alert
正解:A
質問 # 144
Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation
- A. Classic information security model
- B. Parkerian Hexad
- C. Capability Maturity Model (CMM)
- D. Five Pillars model
正解:D
質問 # 145
Which of the following NIST Special Publication documents provides a guideline on network security testing
- A. NIST SP 800-42
- B. NIST SP 800-59
- C. NIST SP 800-37
- D. NIST SP 800-53A
- E. NIST SP 800-53
- F. NIST SP 800-60
正解:A
質問 # 146
Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process
- A. Information system owner
- B. Chief Risk Officer (CRO)
- C. Authorizing Official
- D. Chief Information Officer (CIO)
正解:A
質問 # 147
Fill in the blank with an appropriate phrase. _________________ is used to verify and accredit systems by making a standard process, set of activities, general tasks, and management structure.
- A. DITSCAPNIACAP
正解:A
質問 # 148
What NIACAP certification levels are recommended by the certifier Each correct answer represents a complete solution. Choose all that apply.
- A. Detailed Analysis
- B. Comprehensive Analysis
- C. Basic Security Review
- D. Maximum Analysis
- E. Minimum Analysis
- F. Basic System Review
正解:A、B、C、E
質問 # 149
Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A Support
- A. Registration Task 4
- B. Registration Task 3
- C. Registration Task 1
- D. Registration Task 2
正解:D
質問 # 150
Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.
- A. System Analysis
正解:A
質問 # 151
Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions
- A. DARPA
- B. DTIC
- C. NSA IAD
- D. DIAP
正解:C
質問 # 152
Which of the following agencies is responsible for funding the development of many technologies such as computer networking, as well as NLS
- A. DARPA
- B. DTIC
- C. DISA
- D. DIAP
正解:A
質問 # 153
......
合格保証付きCISSP-ISSEP問題集:https://www.goshiken.com/ISC/CISSP-ISSEP-mondaishu.html
あなたを合格さすISC CISSP-ISSEP試験専門はここにある:https://drive.google.com/open?id=1s77RStcMP1uC-KuhYIUWb-UKijrCsGUr