Question 1

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code?

Options :

A : Type I cryptography

B : Type II cryptography

C : Type III (E) cryptography

D : Type III cryptography

Answer: B

Question 2

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

Options :

A : Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system

B : Accreditation is the official management decision given by a senior agency official to authorize operation of an information system

C : Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

D : Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: B,C

Question 3

Which of the following are the most important tasks of the Information Management Plan (IMP)? Each correct answer represents a complete solution. Choose all that apply.

Options :

A : Define the Information Protection Policy (IPP)

B : Define the System Security Requirements

C : Define the mission need

D : Identify how the organization manages its information.

Answer: A,C,D

Question 4

Your project has several risks that may cause serious financial impact should they happen. You have

studied the risk events and made some potential risk responses for the risk events but management

wants you to do more. They'd like for you to create some type of a chart that identified the risk

probability and impact with a financial amount for each risk event. What is the likely outcome of

creating this type of chart?

Options :

A : Risk response plan

B : Quantitative analysis

C : Risk response

D : Contingency reserve

Answer: D

Question 5

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

Options :

A : High

B : Medium

C : Low

D : Moderate

Answer: A,B,C

Free ISSEP Mock Exam – Practice Online Confidently

Buying Options: