ISSEP ISC2 Exam Questions and Free Practice Test

Question 55

Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system

A. System Owner

B. Information Systems Security Officer (ISSO)

C. Designated Approving Authority (DAA)

D. Chief Information Security Officer (CISO)

Correct Answer:C

Question 56

Fill in the blank with the appropriate phrase. provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).

A. DoDI 5200.40

Correct Answer:A

Question 57

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event

A. Acceptance

B. Enhance

C. Share

D. Exploit

Correct Answer:A

Question 58

Which of the following statements is true about residual risks

A. It can be considered as an indicator of threats coupled with vulnerability.

B. It is a weakness or lack of safeguard that can be exploited by a threat.

C. It is the probabilistic risk after implementing all security measures.

D. It is the probabilistic risk before implementing all security measures.

Correct Answer:C

Question 59

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code

A. Type I cryptography

B. Type II cryptography

C. Type III (E) cryptography

D. Type III cryptography

Correct Answer:B

Question 60

Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints

A. Section 3.1.5

B. Section 3.1.8

C. Section 3.1.9

D. Section 3.1.7

Correct Answer:B

START ISSEP EXAM