CISSP PRACTICE QUESTIONS – 20190830

  1. Your company is engineering an information system to support the new business of selling toys online. As a security professional, you recommend following the ISO/IEC/IEEE 15288 standard (Systems and software engineering – System life cycle processes) to ensure the use of secure information system development processes. You also emphasize that “Information Management” is one of the most critical processes. To which of the following process families does the “Information Management” process belong?
    A. Agreement Processes
    B. Organizational Project-Enabling Processes
    C. Technical Management Processes
    D. Technical Processes
  2. Your company is engineering an information system to support the new business of selling toys online. As a security professional, in which phase should you ensure the use of secure information system development processes according to the System Development Life Cycle (SDLC) from the National Institute of Standards and Technology (NIST)?
    A. Initiation
    B. Development/Acquisition
    C. Implementation/Assessment
    D. Operations and Maintenance

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answers are as follows:
1. C. Technical Management Processes
2. A. Initiation

QUESTION #1

ISO 15288 - System Life Cycle Processes

QUESTION #2

SDLC

NIST SP 800-64 R2
