ISC issep practice test

Information Systems Security Engineering Professional

Last exam update: Dec 04 ,2025
Page 1 out of 15. Viewing questions 1-15 out of 214

Question 1

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a
methodology for assessing the security of information systems. Which of the following FITSAF levels
shows that the procedures and controls are tested and reviewed

  • A. Level 4
  • B. Level 5
  • C. Level 1
  • D. Level 2
  • E. Level 3
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 2

Which of the following is a type of security management for computers and networks in order to
identify security breaches

  • A. IPS
  • B. IDS
  • C. ASA
  • D. EAP
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which of the following types of firewalls increases the security of data packets by remembering the
state of connection at the network and the session layers as they pass through the filter

  • A. Stateless packet filter firewall
  • B. PIX firewall
  • C. Stateful packet filter firewall
  • D. Virtual firewall
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which of the following federal laws is designed to protect computer data from theft

  • A. Federal Information Security Management Act (FISMA)
  • B. Computer Fraud and Abuse Act (CFAA)
  • C. Government Information Security Reform Act (GISRA)
  • D. Computer Security Act
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which of the following is used to indicate that the software has met a defined quality level and is
ready for mass distribution either by electronic means or by physical media

  • A. ATM
  • B. RTM
  • C. CRO
  • D. DAA
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Part of your change management plan details what should happen in the change control system for
your project. Theresa, a junior project manager, asks what the configuration management activities
are for scope changes. You tell her that all of the following are valid configuration management
activities except for which one

  • A. Configuration Item Costing
  • B. Configuration Identification
  • C. Configuration Verification and Auditing
  • D. Configuration Status Accounting
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Which of the following professionals is responsible for starting the Certification & Accreditation
(C&A) process

  • A. Authorizing Official
  • B. Information system owner
  • C. Chief Information Officer (CIO)
  • D. Chief Risk Officer (CRO)
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which of the following security controls is a set of layered security services that address
communications and data security problems in the emerging Internet and intranet application space

  • A. Internet Protocol Security (IPSec)
  • B. Common data security architecture (CDSA)
  • C. File encryptors
  • D. Application program interface (API)
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which of the following protocols is used to establish a secure terminal to a remote network device

  • A. WEP
  • B. SMTP
  • C. SSH
  • D. IPSec
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which of the following elements of Registration task 4 defines the system's external interfaces as
well as the purpose of each external interface, and the relationship between the interface and the
system

  • A. System firmware
  • B. System software
  • C. System interface
  • D. System hardware
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which of the following guidelines is recommended for engineering, protecting, managing,
processing, and controlling national security and sensitive (although unclassified) information

  • A. Federal Information Processing Standard (FIPS)
  • B. Special Publication (SP)
  • C. NISTIRs (Internal Reports)
  • D. DIACAP by the United States Department of Defense (DoD)
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which of the following Security Control Assessment Tasks gathers the documentation and supporting
materials essential for the assessment of the security controls in the information system

  • A. Security Control Assessment Task 4
  • B. Security Control Assessment Task 3
  • C. Security Control Assessment Task 1
  • D. Security Control Assessment Task 2
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Which of the following professionals plays the role of a monitor and takes part in the organization's
configuration management process

  • A. Chief Information Officer
  • B. Authorizing Official
  • C. Common Control Provider
  • D. Senior Agency Information Security Officer
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Which of the following processes culminates in an agreement between key players that a system in
its current configuration and operation provides adequate protection controls

  • A. Certification and accreditation (C&A)
  • B. Risk Management
  • C. Information systems security engineering (ISSE)
  • D. Information Assurance (IA)
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

The Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has
been accredited in Phase 3. What are the process activities of this phase Each correct answer
represents a complete solution. Choose all that apply.

  • A. Security operations
  • B. Continue to review and refine the SSAA
  • C. Change management
  • D. Compliance validation
  • E. System operations
  • F. Maintenance of the SSAA
Mark Question:
Answer:

E,A,F,C,D

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
F
50%
Discussions
vote your answer:
A
B
C
D
E
F
0 / 1000
To page 2