Fill in the blank with an appropriate phrase. _________________ is used to verify and accredit systems by making a standard process, set of activities, general tasks, and management structure.
Fill in the blank with an appropriate phrase. The ______________ is the process of translating system requirements into detailed function criteria.
Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?
A. Chief Information Officer
B. Authorizing Official
C. Common Control Provider
D. Senior Agency Information Security Officer
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.
A. Develop DIACAP strategy.
B. Initiate IA implementation plan.
C. Conduct validation activity.
D. Assemble DIACAP team.
E. Register system with DoD Component IA Program.
F. Assign IA controls.
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?
A. Phase 1, Definition
B. Phase 3, Validation
C. Phase 4, Post Accreditation Phase
D. Phase 2, Verification
In which of the following DIACAP phases is residual risk analyzed?
A. Phase 2
B. Phase 3
C. Phase 5
D. Phase 1
E. Phase 4
Which of the following acts assigns the Chief Information Officers (CIO) with the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)?
A. Paperwork Reduction Act
B. Computer Misuse Act
C. Lanham Act
D. Clinger Cohen Act
Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?
A. Initiation
B. Security Certification
C. Continuous Monitoring
D. Security Accreditation
Which of the following is the acronym of RTM?
A. Resource tracking method
B. Requirements Testing Matrix
C. Requirements Traceability Matrix
D. Resource timing method
Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?
A. Chief Information Officer
B. Chief Information Security Officer
C. Chief Risk Officer
D. Information System Owner