Katy Morgan

Introduction to ISC2 Information Systems Security Engineering Professional (CISSP-ISSEP) Exam

The ISC2 CISSP-ISSEP exam is challenging, and thorough preparation is essential for success. This study guide is designed to help you prepare for the CISSP-ISSEP certification exam. It contains a detailed list of the topics covered on the exam, as well as a detailed list of preparation resources. This study guide for the ISC2 Information Systems Security Engineering Professional will guide you through the study process for your certification.



CISSP-ISSEP ISC2 Information Systems Security Engineering Professional Exam Summary

Exam Syllabus: CISSP-ISSEP ISC2 Information Systems Security Engineering Professional (CISSP-ISSEP)


1. Identity and Access Management Architecture

- Design identity management and lifecycle

- Design access control management and lifecycle


2. Security Operations Architecture

- Determine security operation capability requirements and strategy

- Design continuous security monitoring (e.g., SIEM, insider threat, enterprise log management, cyber crime, advanced persistent threat)

- Design continuity, availability and recovery solutions

- Design security operations (e.g., interoperability, scalability, availability, supportability)

- Integrate physical security controls

- Design incident management capabilities

- Security communications and networks


3. Infrastructure Security

- Determine infrastructure security capability requirements and strategy

- Design layer 2/3 architecture (e.g., access control segmentation, out-of-band management, OSI layers)

- Secure common services (e.g., wireless, email, VoIP, unified communications)

- Architect detective, deterrent, preventative and control systems

- Architect infrastructure monitoring

- Design integrated cryptographic solutions (e.g., Public Key Infrastructure (PKI), identity system integration)


4. Architect for Governance, Compliance and Risk Management

- Architect for governance and compliance

- Design threat and risk management capabilities

- Architect security solutions for off-site data use and storage

- Operating environment (e.g., virtualization, cloud computing)


5. Security Architecture Modeling

- Identify security architecture approach (e.g., reference architectures, build guides, blueprints, patterns)

- Verify and validate design (e.g., POT, FAT, regression)


6. Architect for Application Security

- Review software development lifecycle (SDLC) integration of application security architecture (e.g., requirements traceability matrix, security architecture documentation, secure coding)

- Review application security (e.g., custom, commercial off-the-shelf (COTS), in-house cloud)

- Determine application security capability requirements and strategy (e.g., open source, cloud service providers, SaaS/IaaS providers)

- Design application cryptographic solutions (e.g., cryptographic API selection, PRNG selection, software-based key management)

- Evaluate application controls against existing threats and vulnerabilities

- Determine and establish application security approaches for all system components (mobile, web and thick client applications; proxy, application and database services)


ISC2 CISSP-ISSEP Certification Sample Questions and Answers

To familiarize you with the structure of the ISC2 Information Systems Security Engineering Professional (CISSP-ISSEP) certification exam, we have prepared this sample question set. We suggest you try our Sample Questions for the ISSEP CISSP-ISSEP Certification to test your understanding of the ISC2 CISSP-ISSEP process in a realistic ISC2 certification exam environment.


CISSP-ISSEP ISC2 Information Systems Security Engineering Professional Sample Questions:-


01. Which of the following federal laws are related to hacking activities?

(Choose three.)

a) 18 U.S.C. 1030

b) 18 U.S.C. 1029

c) 18 U.S.C. 2510

d) 18 U.S.C. 1028


02. In which of the following DIACAP phases is residual risk analyzed?

a) Phase 2

b) Phase 3

c) Phase 5

d) Phase 1

e) Phase 4


03. Which of the following types of CNSS issuances establishes criteria, and assigns responsibilities?

a) Advisory memoranda

b) Directives

c) Instructions

d) Policies


04. Which of the following DITSCAP/NIACAP model phases is used to show the required evidence to support the DAA in accreditation process and conclude in an Approval To Operate (ATO)?

a) Verification

b) Validation

c) Post accreditation

d) Definition


05. NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

a) Abbreviated

b) Significant

c) Substantial

d) Comprehensive


06. Which of the following roles is also known as the accreditor?

a) Data owner

b) Chief Information Officer

c) Chief Risk Officer

d) Designated Approving Authority


07. Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

a) DoD 5200.22-M

b) DoD 8910.1

c) DoD 5200.40

d) DoD 8000.1


08. Which of the following is NOT an objective of the security program?

a) Security education

b) Information classification

c) Security organization

d) Security plan


09. Which of the following are the ways of sending secure e-mail messages over the Internet?

(Choose two.)

a) PGP

b) S/MIME

c) TLS

d) IPSec


10. Which of the following principles are defined by the IATF model?

(Choose two.)

a) The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.

b) The problem space is defined by the customer's mission or business needs

c) The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.

d) Always keep the problem and solution spaces separate.


Answers:-


Answer 1:- a, b, c

Answer 2:- e

Answer 3:- d

Answer 4:- b

Answer 5:- a

Answer 6:- d

Answer 7:- c

Answer 8:- d

Answer 9:- a, b

Answer 10:- b, c, d
