100% Free ISC2 ISSEP Practice Test Questions and Answers 2026

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code?

Your project has several risks that may cause serious financial impact should they happen. You havestudied the risk events and made some potential risk responses for the risk events but managementwants you to do more. They'd like for you to create some type of a chart that identified the riskprobability and impact with a financial amount for each risk event. What is the likely outcome ofcreating this type of chart?

Which of the following Registration Tasks sets up the system architecture description, and describes the C&A boundary?

Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?