
Free Information Systems Security Engineering Professional Questions for ISC2 Information Systems Security Engineering Professional Exam as PDF & Practice Test Software

Page:    1 / 14   
Total 220 questions

Question 1

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.



Answer : A, B, C

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. FIPS 199 is a standard for security categorization of Federal Information and Information Systems. It defines three levels of potential impact:

Low: It causes a limited adverse effect.

Medium: It causes a serious adverse effect.

High: It causes a severe adverse effect.


Question 2

Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information?



Answer : B

The National Security Agency/Central Security Service (NSA/CSS) is a cryptologic intelligence agency of the United States government. It is administered as part of the United States Department of Defense. NSA is responsible for the collection and analysis of foreign communications and foreign signals intelligence, which involves cryptanalysis.

NSA is also responsible for protecting U.S. government communications and information systems from similar agencies elsewhere, which involves cryptography. NSA is a key component of the U.S. Intelligence Community, which is headed by the Director of National Intelligence.

The Central Security Service is a co-located agency created to coordinate intelligence activities and co-operation between NSA and U.S. military cryptanalysis agencies. NSA's work is limited to communications intelligence. It does not perform field or human intelligence activities.

Answer option A is incorrect. The National Institute of Standards and Technology (NIST), known between 1901 and 1988 as the National Bureau of Standards (NBS), is a measurement standards laboratory which is a non-regulatory agency of the United States Department of Commerce. The institute's official mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life.

Answer option C is incorrect. The Committee on National Security Systems (CNSS) is a United States intergovernmental organization that sets policy for the security of the US security systems. The CNSS holds discussions of policy issues, sets national policy, directions, operational procedures, and guidance for the information systems operated by the U.S. Government, its contractors, or agents that contain classified information, involve intelligence activities, involve cryptographic activities related to national security, etc.

Answer option D is incorrect. The United States Congress is the bicameral legislature of the federal government of the United States of America. It consists of the Senate and the House of Representatives. The Congress meets in the United States Capitol in Washington, D.C. Both senators and representatives are chosen through direct election.

Each of the 435 members of the House of Representatives represents a district and serves a two-year term. House seats are apportioned among the states by population. The 100 Senators serve staggered six-year terms. Each state has two senators, regardless of population. Every two years, approximately one-third of the Senate is elected at a time. The United States Congress's main function is to make laws. The Office of the Law Revision Counsel organizes and publishes the United States Code (USC). It is a consolidation and codification by subject matter of the general and permanent laws of the United States.


Question 3

Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address?



Answer : D

Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security. It analyzes the incoming and outgoing packets and lets them pass or stops them at a network interface based on the source and destination addresses, ports, or protocols. Packet filtering provides a way to define precisely which type of IP traffic is allowed to cross the firewall of an intranet. IP packet filtering is important when users from private intranets connect to public networks, such as the Internet.

Answer option B is incorrect. An application gateway firewall applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

Answer option A is incorrect. A circuit-level gateway firewall applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Answer option C is incorrect. A proxy server firewall intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.


Question 4

Which of the following are the subtasks of the Define Life-Cycle Process Concepts task? Each correct answer represents a complete solution. Choose all that apply.



Answer : A, B, D

The various subtasks of the Define Life-Cycle Process Concepts task are as follows:

Manpower: It categorizes the required job tasks and associated workload used to determine the staffing level required to support the system life-cycle processes.

Personnel: It recognizes the skills needed by the personnel who will support the system life-cycle processes.

Training: It classifies the training necessary to provide the personnel with the appropriate knowledge and skills to support the system life-cycle processes.

Human engineering: It identifies the human cognitive, physical, and sensory characteristics of the personnel who will support the system life-cycle processes.

Safety: It identifies the potential system design features that create significant risks of death, injury, or acute or chronic illness, disability, or reduced job performance of personnel who will support the system life-cycle processes.


Question 5

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?



Answer : D

The types of cryptography defined by FIPS 185 are as follows:

Type I cryptography: It describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information.

Type II cryptography: It describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code, or Section 3502(2) of Title 44, United States Code.

Type III cryptography: It describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard.

Type III (E) cryptography: It describes a Type III algorithm or a tool that is accepted for export from the United States.

