The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.
Correct Answer: A, B, C, E
Explanation:
The NIACAP roles are nearly the same as the DITSCAP roles. Four minimum participants (roles) are required to perform a NIACAP security assessment:
IS program manager: The IS program manager is the primary authorization advocate. He is responsible for the Information Systems (IS) throughout the life cycle of the system development.
Designated Approving Authority (DAA): The Designated Approving Authority (DAA), in the United States Department of Defense, is the official with the authority to formally assume responsibility for operating a system at an acceptable level of risk.
Certification agent: The certification agent is also referred to as the certifier. He provides the technical expertise to conduct the certification throughout the system life cycle.
User representative: The user representative focuses on system availability, access, integrity, functionality, performance, and confidentiality in a Certification and Accreditation (C&A) process.
Answer D is incorrect. The Information Assurance Manager (IAM) is one of the key participants in the DIACAP process.
Question 2
Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?
Correct Answer: A
Explanation:
The demon dialing technique automatically tests every phone line in an exchange and tries to locate modems that are attached to the network. Information about these modems can then be used to attempt external unauthorized access.
Answer B is incorrect. In sniffing, a protocol analyzer is used to capture data packets that are later decoded to collect information such as passwords or infrastructure configurations.
Answer D is incorrect. The dumpster diving technique is used for searching paper disposal areas for unshredded or otherwise improperly disposed-of reports.
Answer C is incorrect. Social engineering is the most commonly used technique of all: getting information (such as passwords) simply by asking for it.
Question 3
Which of the following roles is also known as the accreditor?
Correct Answer: D
Explanation:
The Designated Approving Authority (DAA) is also known as the accreditor.
Answer A is incorrect. The data owner (information owner) is usually a member of management, in charge of a specific business unit, and is ultimately responsible for the protection and use of a specific subset of information.
Answer B is incorrect. A Chief Risk Officer (CRO) is also known as a Chief Risk Management Officer (CRMO). The Chief Risk Officer or Chief Risk Management Officer of a corporation is the executive accountable for enabling the efficient and effective governance of significant risks, and related opportunities, to a business and its various segments. Risks are commonly categorized as strategic, reputational, operational, financial, or compliance-related. CROs are accountable to the Executive Committee and the Board for enabling the business to balance risk and reward. In more complex organizations, they are generally responsible for coordinating the organization's Enterprise Risk Management (ERM) approach.
Answer C is incorrect. The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals. The CIO plays the role of a leader and reports to the chief executive officer, chief operations officer, or chief financial officer. In military organizations, they report to the commanding officer.
Question 4
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?
Correct Answer: D
Explanation:
The various MAC levels are as follows:
MAC I: It states that the systems have high availability and high integrity.
MAC II: It states that the systems have high integrity and medium availability.
MAC III: It states that the systems have basic integrity and availability.
Question 5
Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?
Correct Answer: D
Explanation:
The confidentiality service of a cryptographic system ensures that information will not be disclosed to any unauthorized person on a local network.