ISC ISSEP Exam Questions

Questions for the ISSEP were updated on: Dec 14, 2025

Page 1 out of 15. Viewing questions 1-15 out of 214

Question 1

Which of the following CNSS policies describes the national policy on controlled access protection?

  • A. NSTISSP No. 101
  • B. NSTISSP No. 200
  • C. NCSC No. 5
  • D. CNSSP No. 14
Answer:

B


Question 2

Which of the following organizations incorporates building secure audio and video communications
equipment, making tamper protection products, and providing trusted microelectronics solutions?

  • A. DTIC
  • B. NSA IAD
  • C. DIAP
  • D. DARPA
Answer:

B


Question 3

Continuous Monitoring is the fourth phase of the security certification and accreditation process.
What activities are performed in the Continuous Monitoring process? Each correct answer represents
a complete solution. Choose all that apply.

  • A. Status reporting and documentation
  • B. Security control monitoring and impact analyses of changes to the information system
  • C. Configuration management and control
  • D. Security accreditation documentation
  • E. Security accreditation decision
Answer:

C,B,A


Question 4

You are working as a project manager in your organization. You are nearing the final stages of project
execution and looking towards the final risk monitoring and controlling activities. For your project
archives, which one of the following is an output of risk monitoring and control?

  • A. Quantitative risk analysis
  • B. Risk audits
  • C. Requested changes
  • D. Qualitative risk analysis
Answer:

C


Question 5

Which of the following are the major tasks of risk management? Each correct answer represents a
complete solution. Choose two.

  • A. Risk identification
  • B. Building risk-free systems
  • C. Assuring the integrity of organizational data
  • D. Risk control
Answer:

A,D


Question 6

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic
algorithm or a tool accepted by the National Security Agency for protecting classified information?

  • A. Type III cryptography
  • B. Type III (E) cryptography
  • C. Type II cryptography
  • D. Type I cryptography
Answer:

D


Question 7

Which of the following types of CNSS issuances establishes criteria and assigns responsibilities?

  • A. Advisory memoranda
  • B. Directives
  • C. Instructions
  • D. Policies
Answer:

D


Question 8

Which of the following security controls will you use for the deployment phase of the SDLC to build
secure software? Each correct answer represents a complete solution. Choose all that apply.

  • A. Risk Adjustments
  • B. Security Certification and Accreditation (C&A)
  • C. Vulnerability Assessment and Penetration Testing
  • D. Change and Configuration Control
Answer:

C,B,A


Question 9

Registration Task 5 identifies the system security requirements. Which of the following elements of
Registration Task 5 defines the type of data processed by the system?

  • A. Data security requirement
  • B. Network connection rule
  • C. Applicable instruction or directive
  • D. Security concept of operation
Answer:

A


Question 10

John works as a security engineer for BlueWell Inc. He wants to identify the different functions that
the system will need to perform to meet the documented mission/business needs. Which of the
following processes will John use to achieve the task?

  • A. Modes of operation
  • B. Performance requirement
  • C. Functional requirement
  • D. Technical performance measures
Answer:

C


Question 11

Which of the following requires all general support systems and major applications to be fully
certified and accredited before these systems and applications are put into production? Each correct
answer represents a part of the solution. Choose all that apply.

  • A. Office of Management and Budget (OMB)
  • B. NIST
  • C. FISMA
  • D. FIPS
Answer:

C,


Question 12

Which of the following are the benefits of SE as stated by MIL-STD-499B? Each correct answer
represents a complete solution. Choose all that apply.

  • A. It develops work breakdown structures and statements of work.
  • B. It establishes and maintains configuration management of the system.
  • C. It develops needed user training equipment, procedures, and data.
  • D. It provides high-quality products and services, with the correct people and performance features, at an affordable price, and on time.
Answer:

C,B,A


Question 13

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic
algorithm or a tool accepted as a Federal Information Processing Standard?

  • A. Type III (E) cryptography
  • B. Type III cryptography
  • C. Type I cryptography
  • D. Type II cryptography
Answer:

B


Question 14

Which of the following are the functional analysis and allocation tools? Each correct answer
represents a complete solution. Choose all that apply.

  • A. Functional flow block diagram (FFBD)
  • B. Activity diagram
  • C. Timeline analysis diagram
  • D. Functional hierarchy diagram
Answer:

D, A,C


Question 15

Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD
IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and
technology, and supports the evolution to network-centric warfare?

  • A. DoD 8500.2 Information Assurance Implementation
  • B. DoD 8510.1-M DITSCAP
  • C. DoDI 5200.40
  • D. DoD 8500.1 Information Assurance (IA)
Answer:

D
