CISSP PRACTICE QUESTIONS – 20190830

  1. Your company is engineering an information system to support the new business of selling toys online. As a security professional, you recommend following the ISO/IEC/IEEE 15288 standard (Systems and software engineering – System life cycle processes) to ensure the use of secure information system development processes. You also emphasize that “Information Management” is one of the most critical processes. To which of the following process families does “Information Management” belong?
    A. Agreement Processes
    B. Organizational Project-Enabling Processes
    C. Technical Management Processes
    D. Technical Processes
  2. Your company is engineering an information system to support the new business of selling toys online. As a security professional, in which phase should you ensure the use of secure information system development processes according to the System Development Life Cycle (SDLC) from the National Institute of Standards and Technology (NIST)?
    A. Initiation
    B. Development/Acquisition
    C. Implementation/Assessment
    D. Operations and Maintenance

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answers are as follows:
1. C. Technical Management Processes
2. A. Initiation

QUESTION #1

ISO 15288 - System Life Cycle Processes

QUESTION #2

SDLC

NIST SP 800-64 R2
