ISC Information Systems Security Engineering Professional CISSP-ISSEP Exam Questions in PDF

Free ISC CISSP-ISSEP Dumps Questions (page: 5)

Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.

  A. residual risk

Answer(s): A



Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.

  A. System Analysis

Answer(s): A



You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems?

  A. NIST Special Publication 800-59
  B. NIST Special Publication 800-37
  C. NIST Special Publication 800-60
  D. NIST Special Publication 800-53

Answer(s): B



FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

  A. Level 4
  B. Level 5
  C. Level 1
  D. Level 2
  E. Level 3

Answer(s): A



Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.

  A. Assessment of the Analysis Results
  B. Certification analysis
  C. Registration
  D. System development
  E. Configuring refinement of the SSAA

Answer(s): A,B,D,E



Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?

  A. System Owner
  B. Information Systems Security Officer (ISSO)
  C. Designated Approving Authority (DAA)
  D. Chief Information Security Officer (CISO)

Answer(s): C



You work as a security engineer for BlueWell Inc. Which of the following statements describes the main focus of the ISSE process?

  A. Design information systems that will meet the certification and accreditation documentation.
  B. Identify the information protection needs.
  C. Ensure information systems are designed and developed with functional relevance.
  D. Instruct systems engineers on availability, integrity, and confidentiality.

Answer(s): B



You work as a systems engineer for BlueWell Inc. You are translating system requirements into detailed functional criteria. Which of the following diagrams will help you show all of the functional requirements and their groupings in one diagram?

  A. Activity diagram
  B. Functional flow block diagram (FFBD)
  C. Functional hierarchy diagram
  D. Timeline analysis diagram

Answer(s): C



Share your comments for ISC CISSP-ISSEP exam with other users:

srameh
4/14/2026 10:09:29 AM

Question 3:

  • Correct answer: Phase 4, Post Accreditation

  • Explanation: In DITSCAP, the four phases are:
    - Phase 1: Definition (concept and requirements)
    - Phase 2: Verification (design and testing)
    - Phase 3: Validation (fielding and evaluation)
    - Phase 4: Post Accreditation (ongoing operations and lifecycle management)
    The description—continuing operation of an accredited IT system and addressing changing threats throughout its life cycle—fits the Post Accreditation phase, which covers operations, maintenance, monitoring, and reauthorization as threats and environment evolve.
