The ISSEP Study Cards Answers and Question 2024
What are the activities in the ISSE per IATF App J? **** Discover Info Protection
Needs,
Define System Security Reqts,
Design System Security Architecture,
Develop Detailed Security Design,
Implement System Security,
Assess Info Protection Effectiveness,
Plan Technical Effort, Management Technical Effort
PHE are caused by what? IATF App H. **** Adversaries (malicious), or Non malicious
threat sources (accidents and nature)
What are the PNE Procedures, in order? IATF App H. **** Approaching the Customer,
Acquiring the IMM,
Least Privilege IMM,
Threat Analysis,
Customer Priorities,
Preparing the IPP,
Customer Buy-in
What does IATF Consider the five classes of attacks (IATF, Chap 1) **** Passive,
Active, Close-IN, Insider, and Distribution
"Per the IATF (Ch 2), Defense in Depth strategy is the achievement of IA requires a
balanced focus on three primary elements. What are the 3 elements?" **** People
Technology Operations
What is ISSE Activity 2 from the ISSE Master Activity and Task List? (App J) ****
Define System Security Requirements
What are the four categories of PHE? (App H) **** None, low, medium, and high.
What are the three principal aspects of the IATF strategy and what is the main focus?
(IATF, Chap 1) **** The three principle aspects of the IATF are: People, Technology
and Operations and the main focus is technology and on providing a framework for
providing overlapping layers of protection against cyber threats.
What helps to eliminate unnecessary access to information and provides a better
baseline for threat analysis? (App H) **** A least-privilege revision of the IMM.
, What is ISSE Activity 9 from the ISSE Master Activity and Task List? (App J) **** There
are only 8 Activities from the ISSE Master Activity and Task List.
Per DoD 8500.1, which MAC is beyond best practices? **** MAC II MAC II is High
Integrity, Med Availability, supports military and deployed forces, could delay services,
but tolerable short term, and beyond best practices.
Password Sniffing is what kind of Attack (IATF Ch 2) **** Passive Attack
Decrypting weakly encrypted traffic is what kind of Attack (IATF Ch 2) **** Passive
Attack
Per the IATF (CH 3) Principles, what defines the problem space? **** Defined by the
customer's mission or business needs
When identifying the Security Service Reqts in the IPP, what do the security services
include? Hint one is Access Control. (IATF App H) **** Access Control, Confidentiality,
Integrity, Availability, Nonrepudidation, Identification and Authentication, and Security
Management
What documentation could result from the PNE process? **** Project Plan/Task
Definition—prepared by the information systems security engineers and briefed to the
customer.
Customer Documentation—although optional, customer documentation further supports
the project plan and task definition with details of what is expected
MM—an initial model of the eventual information system, which embodies the important
concept of least privilege.
IPP—the latest documented set of protection needs in the form of a policy, which
represents the final result of the PNE. The policy contains a threat analysis describing
potentially harmful events and their effects. The IPP also contains a prioritized list of
needed security services.
Who is one of the principal targets for the IPP application? **** The IPP is useful to the
security architect.
What four areas employ a framework (IATF) that partitions the IA technology aspects of
information systems? (App H, Chap 1) **** Local Computing Environments,
Enclave Boundaries (around the local computing environments), Networks and
Infrastructures, and
Supporting Infrastructures.
Define three levels of potential impact on organizations or individuals should there be a
breach of security (i.e., a loss of confidentiality, integrity, or availability)? (FIPS 199) ****
Low, Moderate and High
What are the activities in the ISSE per IATF App J? **** Discover Info Protection
Needs,
Define System Security Reqts,
Design System Security Architecture,
Develop Detailed Security Design,
Implement System Security,
Assess Info Protection Effectiveness,
Plan Technical Effort, Management Technical Effort
PHE are caused by what? IATF App H. **** Adversaries (malicious), or Non malicious
threat sources (accidents and nature)
What are the PNE Procedures, in order? IATF App H. **** Approaching the Customer,
Acquiring the IMM,
Least Privilege IMM,
Threat Analysis,
Customer Priorities,
Preparing the IPP,
Customer Buy-in
What does IATF Consider the five classes of attacks (IATF, Chap 1) **** Passive,
Active, Close-IN, Insider, and Distribution
"Per the IATF (Ch 2), Defense in Depth strategy is the achievement of IA requires a
balanced focus on three primary elements. What are the 3 elements?" **** People
Technology Operations
What is ISSE Activity 2 from the ISSE Master Activity and Task List? (App J) ****
Define System Security Requirements
What are the four categories of PHE? (App H) **** None, low, medium, and high.
What are the three principal aspects of the IATF strategy and what is the main focus?
(IATF, Chap 1) **** The three principle aspects of the IATF are: People, Technology
and Operations and the main focus is technology and on providing a framework for
providing overlapping layers of protection against cyber threats.
What helps to eliminate unnecessary access to information and provides a better
baseline for threat analysis? (App H) **** A least-privilege revision of the IMM.
, What is ISSE Activity 9 from the ISSE Master Activity and Task List? (App J) **** There
are only 8 Activities from the ISSE Master Activity and Task List.
Per DoD 8500.1, which MAC is beyond best practices? **** MAC II MAC II is High
Integrity, Med Availability, supports military and deployed forces, could delay services,
but tolerable short term, and beyond best practices.
Password Sniffing is what kind of Attack (IATF Ch 2) **** Passive Attack
Decrypting weakly encrypted traffic is what kind of Attack (IATF Ch 2) **** Passive
Attack
Per the IATF (CH 3) Principles, what defines the problem space? **** Defined by the
customer's mission or business needs
When identifying the Security Service Reqts in the IPP, what do the security services
include? Hint one is Access Control. (IATF App H) **** Access Control, Confidentiality,
Integrity, Availability, Nonrepudidation, Identification and Authentication, and Security
Management
What documentation could result from the PNE process? **** Project Plan/Task
Definition—prepared by the information systems security engineers and briefed to the
customer.
Customer Documentation—although optional, customer documentation further supports
the project plan and task definition with details of what is expected
MM—an initial model of the eventual information system, which embodies the important
concept of least privilege.
IPP—the latest documented set of protection needs in the form of a policy, which
represents the final result of the PNE. The policy contains a threat analysis describing
potentially harmful events and their effects. The IPP also contains a prioritized list of
needed security services.
Who is one of the principal targets for the IPP application? **** The IPP is useful to the
security architect.
What four areas employ a framework (IATF) that partitions the IA technology aspects of
information systems? (App H, Chap 1) **** Local Computing Environments,
Enclave Boundaries (around the local computing environments), Networks and
Infrastructures, and
Supporting Infrastructures.
Define three levels of potential impact on organizations or individuals should there be a
breach of security (i.e., a loss of confidentiality, integrity, or availability)? (FIPS 199) ****
Low, Moderate and High
