Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISC
  3. CISSP-ISSEP

ISC Information Systems Security Engineering Professional CISSP-ISSEP Exam Questions in PDF

Free ISC CISSP-ISSEP Dumps Questions (page: 1)

CISSP-ISSEP PDF — 214 Questions

Which of the following approaches can be used to build a security program?
Each correct answer represents a complete solution. Choose all that apply.

  1. Right-Up Approach
  2. Left-Up Approach
  3. Bottom-Up Approach
  4. Top-Down Approach

Answer(s): C,D



Fill in the blank with the appropriate phrase. __________ provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).

  1. DoDI 5200.40

Answer(s): A



Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

  1. Phase 1, Definition
  2. Phase 3, Validation
  3. Phase 4, Post Accreditation Phase
  4. Phase 2, Verification

Answer(s): C



Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of the DoD information systems and networks?

  1. DoD 8500.1 Information Assurance (IA)
  2. DoDI 5200.40
  3. DoD 8510.1-M DITSCAP
  4. DoD 8500.2 Information Assurance Implementation

Answer(s): D



Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document?
Each correct answer represents a complete solution. Choose all that apply.

  1. It identifies the information protection problems that needs to be solved.
  2. It allocates security mechanisms to system security design elements.
  3. It identifies custom security products.
  4. It identifies candidate commercial off-the-shelf (COTS) government off-the-shelf (GOTS) security products.

Answer(s): B,C,D



Which of the following are the functional analysis and allocation tools?
Each correct answer represents a complete solution. Choose all that apply.

  1. Functional flow block diagram (FFBD)
  2. Activity diagram
  3. Timeline analysis diagram
  4. Functional hierarchy diagram

Answer(s): A,C,D



Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data?
Each correct answer represents a complete solution. Choose all that apply.

  1. Understandability
  2. Visibility
  3. Interoperability
  4. Accessibility

Answer(s): B,D



System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan?
Each correct answer represents a part of the solution. Choose all that apply.

  1. Certification
  2. Authorization
  3. Post-certification
  4. Post-Authorization
  5. Pre-certification

Answer(s): A,B,D,E



Viewing page 1 of 28

Share your comments for ISC CISSP-ISSEP exam with other users:

S
srameh
4/14/2026 10:09:29 AM

Question 3:

  • Correct answer: Phase 4, Post Accreditation

  • Explanation:
- In DITSCAP, the four phases are: - Phase 1: Definition (concept and requirements) - Phase 2: Verification (design and testing) - Phase 3: Validation (fielding and evaluation) - Phase 4: Post Accreditation (ongoing operations and lifecycle management) - The description—continuing operation of an accredited IT system and addressing changing threats throughout its life cycle—fits the Post Accreditation phase, which covers operations, maintenance, monitoring, and reauthorization as threats and environment evolve.

France
AI Tutor 👋 I’m here to help!