This article offers a solid foundation for the Certified Information Systems Security Professional (CISSP) exam and is designed for readers and students who are studying for the CISSP certification.
The CISSP exam is governed by the International Information Systems Security Certification Consortium, Inc., known as (ISC)2.
(ISC)2 is a global not-for-profit organization. It has four primary mission goals:
- Maintain the Common Body of Knowledge for the field of information systems security
- Provide certification for information systems security professionals and practitioners
- Conduct certification training and administer the certification exams
- Oversee the ongoing accreditation of qualified certification candidates through continued education
In this article, all the questions relate to the “Systems Security Engineering” domain and are as follows:
1) Which statement about the SSE-CMM is incorrect?
- The SSE-CMM defines two dimensions that are used to measure the capability of an organization to perform specific activities.
- The domain dimension consists of all of the practices that collectively define security engineering.
- The domain dimension represents practices that indicate process management and institutionalization capability.
- The capability dimension represents practices that indicate process management and institutionalization capability.
2) Which description of the SSE-CMM Level 5 Generic Practice is correct?
- Planned and Tracked
- Continuously Improving
- Quantitatively Controlled
- Performed Informally
3) Which statement about testing and evaluation is NOT true?
- A TEMP is required for most large programs.
- A DT&E is equivalent to Analytical, Type 1, and Type 2 testing.
- An OT&E is equivalent to Type 5 and Type 6 testing.
- An OT&E is equivalent to Type 3 and Type 4 testing.
4) Which attribute about the Level 1 SSE-CMM Generic Practice is correct?
- Performed Informally
- Planned and Tracked
- Well Defined
- Continuously Improving
5) Which choice below is NOT a true statement about good cost control?
- Cost control starts with the initiation of corrective action.
- Cost control requires good overall cost management.
- Cost control requires immediate initiation of corrective action.
- Cost control starts with the initial development of cost estimates for the program.
6) Which statement about the SE-CMM is NOT correct?
- The SE-CMM describes the essential elements of an organization’s systems engineering process that must exist in order to ensure good systems engineering.
- The SE-CMM provides a reference to compare existing systems engineering practices against the essential systems engineering elements described in the model.
- The SE-CMM goal is to improve the system- or product-engineering process.
- The SE-CMM was created to define, improve, and assess security engineering capability.
7) Which statement about system security testing and evaluation (ST&E) categories is correct?
- Type 1 testing is performed during the latter stages of the detail design and development phase.
- Type 2 testing is design evaluation conducted early in the system life cycle.
- Type 3 testing is performed during the latter stages of the detail design and development phase.
- Type 4 testing is conducted during the system operational use and life cycle support phase.
8) Which choice is NOT an activity in the cost control process?
- Identifying potential suppliers
- Developing a functional cost data collection capability
- Developing the costs as estimated for each task
- Creating a procedure for cost evaluation
9) Which choice does NOT describe a common outsourcing activity?
- Review of proposals
- Develop a functional cost reporting capability
- Contract negotiation
- Development of an RFP
10) Which choice is NOT an accurate description of an activity level of the WBS?
- Level 1 may be used as the basis for the authorization of the program work.
- Program budgets are usually prepared at level 1.
- Level 2 identifies the various projects that must be completed.
- Program schedules are generally prepared at level 3.
11) Which choice below is NOT a phase in the IDEAL model?
- Authorizing
- Learning
- Diagnosing
- Establishing
12) Which choice below best describes systems engineering, as defined in the SSE-CMM?
- An integrated composite of people, products, and processes that provides a capability to satisfy a need or objective.
- The selective application of scientific and engineering efforts to integrate the efforts of all engineering disciplines and specialties into the total engineering effort.
- A narrative description of the work required for a given project.
- The contracting with one or more outside suppliers for the procurement and acquisition of materials and services.
13) Which choice below is NOT a benefit of the WBS?
- The WBS facilitates the initial allocation of budgets.
- The WBS facilitates the collection and reporting of costs.
- The system can easily be described through the logical breakout of its elements into work packages.
- The WBS integrates the efforts of all engineering disciplines and specialties into the total engineering effort.
14) Which choice is NOT an element of the Statement of Work (SOW)?
- An identification of the input requirements from other tasks.
- A description of specific result to be achieved.
- Management of security awareness, training, and education programs.
- A proposed schedule for delivery of the product.
15) Which statement below best describes the difference between a Type 1 testing and evaluation category and a Type 2 category?
- Type 1 testing is the evaluation of system components in the laboratory, designed to verify performance and physical characteristics.
- Type 2 testing is the evaluation of system components in the laboratory, designed to verify performance and physical characteristics.
- Type 1 testing establishes design evaluations conducted early in the system life cycle.
- Type 2 testing is conducted after initial system qualification and prior to the completion of the production or construction phase.
16) Which choice has the outsourcing activities listed in their proper order?
- Review and evaluation of supplier proposals, supplier monitoring and control, development of a Request For Proposal (RFP), and selection of suppliers.
- Development of a Request For Proposal (RFP), review and evaluation of supplier proposals, supplier monitoring and control, and selection of suppliers.
- Development of a Request For Proposal (RFP), review and evaluation of supplier proposals, selection of suppliers, and supplier monitoring and control.
- Review and evaluation of supplier proposals, selection of suppliers, development of a Request For Proposal (RFP), and supplier monitoring and control.
17) Which answer BEST describes a Statement of Work (SOW)?
- A narrative description of the work required for a given project.
- An integrated composite of people, products, and processes that provides a capability to satisfy a need or objective.
- The contracting with one or more outside suppliers for the procurement and acquisition of materials and services.
- The development of a functional cost reporting capability.
18) Which statement about SSE-CMM Base Practices is correct?
- BPs are mandatory characteristics that must exist within an implemented security engineering process before an organization can claim satisfaction in a given PA.
- BPs are ordered in degrees of maturity and are grouped to form and distinguish among five levels of security engineering maturity.
- BPs are ordered in degrees of maturity and are grouped to form and distinguish among 22 levels of security engineering maturity.
- BPs are optional characteristics that must exist within an implemented security engineering process before an organization can claim satisfaction in a given PA.
19) As per the SE-CMM, which statement defining a system is incorrect?
- An interacting combination of elements that are viewed in relation to function.
- A continuous cycle of evaluating the current status of an organization, making improvements, and repeating the cycle.
- An assembly of things or parts forming a complex or unitary whole.
- An integrated composite of people, products, and processes that provides a capability to satisfy a need or objective.
20) Which choice below best describes the purpose of the Learning phase of the IDEAL model?
- The Learning phase is the implementation phase and requires the greatest level of effort of all the phases both in terms of resources and time.
- The Learning phase is both the final stage of the initial process improvement cycle and the initial phase of the next process improvement effort.
- In the Learning phase, it is imperative that an understanding of the organization’s current and desired future state of process maturity be established.
- In the Learning phase, a detailed plan of action based on the goals of the effort and the recommendations developed during the Diagnosing phase is developed.
21) Which statement about the System Engineering Management Plan (SEMP) is NOT true?
- Development program planning and control is a SEMP element.
- The goal of SEMP is to establish a continuous cycle of evaluating the current status of the organization.
- The SEMP contains detailed statements of how the systems security engineering functions are to be carried out during development.
- The security systems engineering process is a SEMP element.
22) Which choice has the correct order of activities in the IDEAL model?
- Learning, Initiating, Diagnosing, Establishing, and Acting
- Initiating, Learning, Diagnosing, Establishing, and Acting
- Learning, Diagnosing, Initiating, Establishing, and Acting
- Initiating, Diagnosing, Establishing, Acting and Learning
23) Which choice is an incorrect statement regarding the Systems Engineering Management Plan (SEMP)?
- The SEMP covers all management functions associated with the performance of security systems engineering activities for a given program.
- It starts as an outline and is updated as the security system development process goes on.
- It contains detailed statements of how the systems security engineering functions are to be carried out during development.
- The SEMP is a static document, intended to remain unchanged.
24) Which choice best describes an outsourced supplier?
- A broad class of external organizations that provide products, components, materials, and/or services to a producer or prime contractor.
- An interacting combination of elements that are viewed in relation to function.
- An integrated composite of people, products, and processes that provides a capability to satisfy a need or objective.
- Practices that indicate process management and institutionalization capability.
25) Which statement below best describes the main premise of process improvement?
- Major changes must be sponsored by senior management.
- The quality of services produced is a direct function of the quality of the associated development and maintenance processes.
- Focus on fixing the process, not assigning blame.
- All suppliers must be security vetted prior to contracting.
26) What is the main purpose of the Work Breakdown Structure (WBS)?
- It creates a hierarchical tree of work packages.
- It may be a contractual requirement in competitive bid system developments.
- It ensures the authorization for the program work.
- It ensures that all essential tasks are properly defined, assigned, scheduled, and controlled.
27) Which choice is NOT an activity in the Development Program Planning and Control element of the SEMP?
- System Test and Evaluation Strategy
- Scheduling and Cost Estimation
- Technical Performance Measurement
- Statement of Work
28) At what point in the project is the Work Breakdown Structure (WBS) usually created?
- After the generation of the SOW and the identification of the organizational structure.
- After the development of a functional cost data collection and reporting capability.
- After the costs for each task are estimated.
- After the development of an RFP but before the identification of the organizational structure.
29) Which choice accurately lists the five levels of security engineering maturity as defined by the SSE-CMM?
- Planned and Tracked, Well Defined, Performed Informally, Quantitatively Controlled, and Continuously Improving.
- Planned and Tracked, Performed Informally, Well Defined, Quantitatively Controlled, and Continuously Improving.
- Performed Informally, Planned and Tracked, Well Defined, Quantitatively Controlled, and Continuously Improving.
- Performed Informally, Planned and Tracked, Quantitatively Controlled, Well Defined, and Continuously Improving.
30) Which choice has the correct order of activities in the security system design testing process?
- Acquisition, Testing, Analysis, Planning, and Correction.
- Acquisition, Planning, Testing, Analysis, and Correction.
- Planning, Analysis, Testing, Acquisition, and Correction.
- Planning, Acquisition, Testing, Analysis, and Correction.