100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
The ISSEP Study Cards Questions And Accurate Answers $9.99   Add to cart

Exam (elaborations)

The ISSEP Study Cards Questions And Accurate Answers

 0 view  0 purchase
  • Course
  • The ISSEP Study Cards
  • Institution
  • The ISSEP Study Cards

The ISSEP Study Cards Questions And Accurate Answers...

Preview 3 out of 16  pages

  • November 1, 2024
  • 16
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • The ISSEP Study Cards
  • The ISSEP Study Cards
avatar-seller
Easton
The ISSEP Study Cards Questions And
Accurate Answers


What are the activities in the ISSE per IATF App J? - Answer Identify Info Protection
Requirements,

Establish System Security Reqs,

System Security Architecture,

Detailed Security Design,

Implement System Security,

Info Protection Assurance,

Develop Technical Plan, Manage Technical Work



PHE are caused by what? IATF App H. - Answer Adversaries, or Non malicious threat
sources accounts for accidents and nature



What, in order, are the PNE Procedures? IATF App H. - Answer Approach the Customer,

Acquire the IMM,

Least Privilege IMM,

Threat Analysis,

Customer Priorities,

Prepare the IPP,

Customer Buy-in



What does IATF Consider the five classes of attacks (IATF, Chap 1) - Answer Passive,
Active, Close-IN, Insider, and Distribution

,"Per the IATF (Ch 2), Defense in Depth strategy is the achievement of IA requires a
balanced focus on three primary elements. What are the 3 elements?" - Answer People
Technology Operations



What is ISSE Activity 2 from the ISSE Master Activity and Task List? (App J) - Answer
Define System Security Requirements



What are the four categories of PHE? (App H) - Answer None, low, medium, and high.



What are the three principal aspects of IATF strategy and what is the main focus? (IATF,
Chap 1) -Answer The three principle aspects of the IATF are: People, Technology and
Operations and the main focus is technology and on providing a framework for
providing overlapping layers of protection against cyber threats.



Which one eliminates superfluous access to information and gives a far better baseline
for threat analysis? (App H) - A least privilege revision of the IMM.

What is ISSE Activity 9 from the ISSE Master Activity and Task List? (App J) - There are
only 8 Activities from the ISSE Master Activity and Task List.



Per DoD 8500.1, which MAC is beyond best practices? - Answer MAC II MAC II is High
Integrity, Med Availability, supports military and deployed forces, could delay services,
but tolerable short term, and beyond best practices.



Password Sniffing is what kind of Attack (IATF Ch 2) - Answer Passive Attack



Decrypting weakly encrypted traffic is what kind of Attack (IATF Ch 2) - Answer Passive
Attack



Per the IATF (CH 3) Principles, what defines the problem space? - Answer Defined by
the customer's mission or business needs



When identifying the Security Service Reqts in the IPP what do the security services

, include? Hint one is Access Control. (IATF App H) - Answer Access Control,
Confidentiality, Integrity, Availability, Nonrepudidation, Identification and
Authentication, and Security Management



What are some of the documentation that may be produced through the PNE process? -
Solution Project Plan/Task Definition—produced by the information systems security
engineers and briefed to the customer.

Customer Documentation—optional, but customer documentation further supports the
project plan and task definition with details of what is expected

MM—an initial model of the eventual information system, which embodies the important
concept of least privilege.

IPP-the most recent documented set of protection needs in the form of a policy, which is
the last result of the PNE, the policy contains a threat analysis-it describes potentially
harmful events and their effects. The IPP also contains a list of the needed security
services prioritized.



Who is one of the major targets for the application of the IPP?-Answer The IPP is useful
to the security architect.



What four areas use a framework, IATF that breaks up the IA technology aspects of
information systems? App H, Chap 1)

Local Computing Environments,

Enclave Boundaries (around the local computing environments), Networks and
Infrastructures, and

Supporting Infrastructures.

Define three levels of potential impact on organizations or individuals should there be a
breach of security i.e. a loss of confidentiality, integrity or availability? FIPS 199

Low, Moderate and High



FIPS 200 Organizations shall implement the minimum security requirements of this
standard by selecting the applicable security controls and assurance requirements
defined in NIST Special Publication 800-53, Recommended Security Controls for Federal
Information Systems. - Answer FIPS 200

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Easton. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $9.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

82871 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$9.99
  • (0)
  Add to cart