Answers |Fall 2025/2026 Update | 100% Correct
Question 1
_______________________ is typically defined in terms of the security features,
functions, mechanisms, services, procedures, and architectures implemented within organizational information systems or
the environments in which those systems operate.
Correct Answer
Security Functionality
Question 2
Vulnerability and Patch Management, Event and Incident Management, and Malware Detection are all examples of which
of the following?
Correct Answer
Security Automation Domains
Question 3
If the interconnecting systems have the same authorizing official, an Interconnection Security Agreement is not required.
True or False?
Correct Answer
True
Question 4
With Cryptographic Services, what are the 4 basic security services?
Correct Answer
Data integrity,
Confidentiality,
Identification and authentication,
Non-repudiation
Question 5
The Information Security Guide for Government Executives provides an overview of information security program concepts
to help investors understand the implementation of security programs.
Correct Answer
False (assists senior leaders)
Question 6
Applying the first three steps in the RMF to legacy systems can be viewed as a ____________________________ to determine if
the necessary and sufficient security controls have been appropriately selected and allocated.
Correct Answer
Gap Analysis
Question 7
The importance of the security categorization process is reiterated in which of the following controls:
Correct Answer
PM-11 Mission/Business Process Definition
Question 8
How many layers of Encryption standards are defined by FIPS?
Correct Answer
Four
Question 9
What is the first step of the ISCM process?
Correct Answer
Define an ISCM strategy
Question 10
Are NIST interagency and internal reports released for public review and comments?
Correct Answer
Yes
Question 11
NIST Internal reports are prefixed with an "IR" document number.
Correct Answer
True
Question 12
Which FEA reference model was used to create the guide for mapping information types to security categories, in support
of the first step of the RMF?
Correct Answer
OMB business 800-60
Question 13
What FIPS publication (focusing on AES) specifies the Rijndael algorithm, a symmetric block cipher that can process data
blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits?
Correct Answer
FIPS 197
Question 14
All of the following are examples of causation factors that contribute to poor security control implementation and
effectiveness, EXCEPT:
Correct Answer
Training-lack of appropriate training for the personnel installing, administering, maintaining, or using the systems