The following OMB memo announced implementation of commonly
accepted security configurations for Windows operating systems.
a) M-07-18
b) M-09-32
c) M-10-28
d) M-07-11 - ANSWER-M-07-11
With the publication of OMB M-14-04, Fiscal Year 2013 Reporting
Instructions for FISMA and Agency Privacy Management, the signatures
of the following two individuals on the ATO are required to authorize
a new information system to operate (select two):
a) CISO
b) CIO
c) AO
d) SAOP - ANSWER-AO and SAOP
The FISCAM control hierarchy consists of all of the following
EXCEPT:
a) Control activities
b) Control objectives
c) Critical elements
d) Control categories - ANSWER-Control objectives
FISCAM recommends using the independence standards in the ______ to
determine the auditor's independence in an agency FISMA
audit/evaluation.
a) White Book
b) Orange Book
c) Yellow Book
d) Green Book - ANSWER-Yellow Book
Which law gave OMB the authority to define policies for US
Government Agencies? - ANSWER-Paperwork Reduction Act (PRA) -
Granted OMB the responsibility to develop Government-wide policies to
help other federal agencies comply with the congressional mandates.
Which law assigned responsibilities to NIST for creating standards and
guidelines relating to securing Federal Information Systems? -
ANSWER-Computer Security Act (CSA) & Federal Information Security
Management Act (FISMA) - Delegated responsibility to NIST and the NSA
to create standards and guidelines to help federal agencies comply
with congressional mandates.
Which OMB program provides a structure for Agencies to identify
business processes? - ANSWER-Federal Enterprise Architecture
Business Reference Model (FEA BRM) provides a structure for
Agencies to identify business processes.
Which document provides a policy framework for information resources
management across the Federal government? - ANSWER-OMB Circular
A-130
Which OMB memo requires that agencies safeguard against and respond
to breaches of personally identifiable information? - ANSWER-OMB
M-07-16
Name an initiative to create security configuration baselines for
Information Technology products widely deployed across the federal
agencies. - ANSWER-U.S. Government Configuration Baseline
(USGCB)
Agencies are required to adhere to DHS' direction to report data through
this automated reporting tool. What is the required frequency of these
data feeds? - ANSWER-CyberScope; Monthly for CFO Agencies
What elements are components of an information system?
a) Hardware and software
b) Interconnected systems
c) People
d) All of the above - ANSWER-All of the above
What are some of the threats that the information system faces?
a) Environmental disruptions
b) Human errors
c) Cyber-attacks
d) All of the above - ANSWER-All of the above
During what phase of the SDLC should the organization consider the
security requirements (mark all that apply)?
a) Initiation Phase/Development/Acquisition Phase
b) Implementation Phase
c) Operation/Maintenance Phase