Questions and CORRECT Answers
Which of the following groups represents the most likely source of an asset loss through the
inappropriate use of computers?
A. Employees
B. Hackers
C. Visitors
D. Customers - CORRECT ANSWER - A. Employees
FISMA charges which one of the following agencies with the responsibility of overseeing the
security policies and practices of all agencies of the executive branch of the Federal government?
A. Office of Management and Budget (OMB)
B. National Institute of Standards and Technology (NIST)
C. National Security Agency (NSA)
D. Department of Justice - CORRECT ANSWER - A. Office of Management and Budget
(OMB)
,Which one of the following publications provides details of the monitoring security control?
A. NIST SP 800 53
B. NIST SP 800 42
C. NIST SP 800 37
D. NIST SP 800 41 - CORRECT ANSWER - C. NIST SP 800 37
Which of the following statements about Discretionary Access Control List (DACL) is true?
A. It is a list containing user accounts, groups, and computers that are allowed (or denied) access
to the object.
B. It specifies whether an audit activity should be performed when an object attempts to access a
resource.
C. It is a unique number that identifies a user, group, and computer account.
D. It is a rule list containing access control entries. - CORRECT ANSWER - A. It is a list
containing user accounts, groups, and computers that are allowed (or denied) access to the
object.
, FIPS Publication 199 defines three levels of potential impact to the compromise of
confidentiality, integrity, and availability. These levels are:
A. Minimum, Normal, Maximum
B. Low, Moderate, High
C. Unclassified, Confidential, Secret
D. Confidential, Secret, Top Secret - CORRECT ANSWER - B. Low, Moderate, High
Which of the following individuals is responsible for monitoring the information system
environment that can negatively impact the security of the system and its accreditation?
A. Chief Information Security Officer
B. Chief Information Officer
C. Chief Risk Officer
D. Information System Owner - CORRECT ANSWER - D. Information System Owner
Which of the following professionals plays the role of a monitor and takes part in the
organizations configuration management process?