Question 1

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

Options :

A : Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system

B : Accreditation is the official management decision given by a senior agency official to authorize operation of an information system

C : Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

D : Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: B,C

Question 2

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code?

Options :

A : Type I cryptography

B : Type II cryptography

C : Type III (E) cryptography

D : Type III cryptography

Answer: B

Question 3

Continuous Monitoring is the fourth phase of the security certification and accreditation process.

What activities are performed in the Continuous Monitoring process?

Each correct answer represents a complete solution. Choose all that apply.

Options :

A : Status reporting and documentation

B : Security control monitoring and impact analyses of changes to the information system

C : Configuration management and control

D : Security accreditation documentation

E : Security accreditation decision

Answer: A,B,C

Question 4

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard?

Options :

A : Type III (E) cryptography

B : Type III cryptography

C : Type I cryptography

D : Type II cryptography

Answer: B

Question 5

Your project has several risks that may cause serious financial impact should they happen. You have

studied the risk events and made some potential risk responses for the risk events but management

wants you to do more. They'd like for you to create some type of a chart that identified the risk

probability and impact with a financial amount for each risk event. What is the likely outcome of

creating this type of chart?

Options :

A : Risk response plan

B : Quantitative analysis

C : Risk response

D : Contingency reserve

Answer: D

Free ISSEP Mock Exam – Practice Online Confidently

Buying Options: