Free ISC2 ISSEP Exam Questions

Become ISC2 Certified with updated ISSEP exam questions and correct answers

Page: 1 / 44

Total 220 Questions | Updated On: Mar 28, 2025

Add To Cart

Question 1

Continuous Monitoring is the fourth phase of the security certification and accreditation process.

What activities are performed in the Continuous Monitoring process?

Each correct answer represents a complete solution. Choose all that apply.

A : atus reporting and documentation

B : curity control monitoring and impact analyses of changes to the information system

C : nfiguration management and control

D : curity accreditation documentation

E : curity accreditation decision

Answer: A,B,C

Question 2

Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?

A : curity Certification

B : curity Accreditation

C : itiation

D : ntinuous Monitoring

Answer: D

Question 3

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard?

A : pe III (E) cryptography

B : pe III cryptography

C : pe I cryptography

D : pe II cryptography

Answer: B

Question 4

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

A : creditation is a comprehensive assessment of the management, operational, and technical security controls in an information system

B : creditation is the official management decision given by a senior agency official to authorize operation of an information system

C : rtification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

D : rtification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: B,C

Question 5

Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?

A : nham Act

B : MA

C : mputer Fraud and Abuse Act

D : mputer Misuse Act

Answer: B

Page: 1 / 44

Total 220 Questions | Updated On: Mar 28, 2025

Add To Cart