ISC CISSP-ISSEP Actual Free Exam Questions & Community Discussion

Exam Code/Number: CISSP-ISSEP
Exam Name/Title: CISSP-ISSEP - Information Systems Security Engineering Professional
Certification Provider: ISC
Corresponding Certification: CISSP Concentrations

Exam Questions: 220
Updated On: May 31, 2026

Question #29

Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A Support?

A. Registration Task 4

B. Registration Task 3

C. Registration Task 1

D. Registration Task 2

Discussion 0

Correct Answer: D Vote an answer

Question #30

Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product?

A. Information management model (IMM)

B. Statistical process control (SPC)

C. Information Assurance (IA)

D. Information Protection Policy (IPP)

Discussion 0

Correct Answer: B Vote an answer

Question #31

Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system?

A. Security concept of operation

B. Data security requirement

C. Applicable instruction or directive

D. Network connection rule

Discussion 0

Correct Answer: B Vote an answer

Question #32

Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks?

A. Certifier

B. Program Manager

C. User Representative

D. DAA

Discussion 0

Correct Answer: D Vote an answer

Question #33

Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?

A. User representative

B. IS program manager

C. DAA

D. Certification Agent

Discussion 0

Correct Answer: B Vote an answer

Question #34

You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non- repudiation. Which of the following processes will you use to accomplish the task?

A. Risk Management

B. Information Assurance (IA)

C. Risk Analysis

D. Information Systems Security Engineering (ISSE)

Discussion 0

Correct Answer: B Vote an answer

Question #35

Fill in the blanks with an appropriate phrase. A ________ is an approved build of the product, and can be a single component or a combination of components.

A. development baseline

Discussion 0

Correct Answer: A Vote an answer

Question #36

Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected?

A. Discover information protection needs

B. Define system security architecture

C. Develop detailed security design

D. Define system security requirements

Discussion 0

Correct Answer: A Vote an answer

Question #37

Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?

A. Lanham Act

B. Clinger-Cohen Act

C. Computer Misuse Act

D. ISG

Discussion 0

Correct Answer: D Vote an answer

Question #38

Stella works as a system engineer for BlueWell Inc. She wants to identify the performance thresholds of each build. Which of the following tests will help Stella to achieve her task?

A. Functional test

B. Regression test

C. Reliability test

D. Performance test

Discussion 0

Correct Answer: D Vote an answer

Question #39

The DoD 8500 policy series represents the Department's information assurance strategy.
Which of the following objectives are defined by the DoD 8500 series? Each correct answer represents a complete solution. Choose all that apply.

A. Protecting information

B. Providing command and control and situational awareness

C. Providing IA Certification and Accreditation

D. Defending systems

Discussion 0

Correct Answer: A,B,D Vote an answer

Question #40

You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed?

A. Discover information protection needs

B. Define system security architecture

C. Develop detailed security design

D. Define system security requirements

Discussion 0

Correct Answer: D Vote an answer

Question #41

Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?

A. United States Congress

B. National Institute of Standards and Technology (NIST)

C. Committee on National Security Systems (CNSS)

D. National Security Agency (NSA)

Discussion 0

Correct Answer: B Vote an answer

Question #42

Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?

A. Application program interface (API)

B. Common data security architecture (CDSA)

C. Trusted computing base (TCB)

D. Internet Protocol Security (IPSec)

Discussion 0

Correct Answer: C Vote an answer

Download Free ISC CISSP-ISSEP Demo

Simply submit your e-mail address below to get started with our free demo of your ISC CISSP-ISSEP exam.