FITSP-M Knowledge Check questions
with solutions
What is the main function of Step 1 in the RMF? - ANSWER Categorize the information system
and the information processed, stored, and transmitted by that system based on an impact
analysis
During which step and task are the security control weaknesses and deficiencies addressed? -
ANSWER Assess - using an POAM by the assessor
What types of remediation actions can be utilized? - ANSWER Accept
Reject
Share
Transfer
Remediate
Which document provides a policy framework for information resources management across
the Federal government? - ANSWER OMB Circular A-130 p. 58
Name an initiative to create security configuration baselines for Information Technology
products widely deployed across the federal agencies. - ANSWER US Government Configuration
Baseline (USGCB) p. 80
Agencies required to adhere to DHS' direction to report data through this automated tool. What
is a the required frequency of these data feeds? - ANSWER CyberScope - Monthly data feeds p.
78 & 97
, Which two NIST Special Publications provide management overview and risk assessment
guidance on risk management? - ANSWER SP 800-30 - Guide for Conducting Risk Assessments
SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information
Systems View
P. 133
What are the four components of the new Risk Management Model? - ANSWER Frame risk
Assess risk
Respond to risk one determined
Monitor risk on an ongoing basis
P. 130
Give an example of Tier 1 risk - ANSWER Strategic Risk
Legal Risk
Compliance Risk
Financial Risk
Reputation Risk
Environment Risk
P. 149
Which phase of the SLDC should define security requirements? - ANSWER Initiation p. 140
What establishes the scope of protection for organizational information systems? - ANSWER
Something?
with solutions
What is the main function of Step 1 in the RMF? - ANSWER Categorize the information system
and the information processed, stored, and transmitted by that system based on an impact
analysis
During which step and task are the security control weaknesses and deficiencies addressed? -
ANSWER Assess - using an POAM by the assessor
What types of remediation actions can be utilized? - ANSWER Accept
Reject
Share
Transfer
Remediate
Which document provides a policy framework for information resources management across
the Federal government? - ANSWER OMB Circular A-130 p. 58
Name an initiative to create security configuration baselines for Information Technology
products widely deployed across the federal agencies. - ANSWER US Government Configuration
Baseline (USGCB) p. 80
Agencies required to adhere to DHS' direction to report data through this automated tool. What
is a the required frequency of these data feeds? - ANSWER CyberScope - Monthly data feeds p.
78 & 97
, Which two NIST Special Publications provide management overview and risk assessment
guidance on risk management? - ANSWER SP 800-30 - Guide for Conducting Risk Assessments
SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information
Systems View
P. 133
What are the four components of the new Risk Management Model? - ANSWER Frame risk
Assess risk
Respond to risk one determined
Monitor risk on an ongoing basis
P. 130
Give an example of Tier 1 risk - ANSWER Strategic Risk
Legal Risk
Compliance Risk
Financial Risk
Reputation Risk
Environment Risk
P. 149
Which phase of the SLDC should define security requirements? - ANSWER Initiation p. 140
What establishes the scope of protection for organizational information systems? - ANSWER
Something?
