FITSP - Manager Next Generation Questions Newest Actual Exam With Complete
Questions And Correct Detailed Answers (Verified Answers) |Already Graded A+
The following legislation requires federal agencies to develop, document and implement an
agency-wide information security program: - (Correct Answer)-FISMA
The following legislation requires each agency with an Inspector General to conduct an annual
evaluation of the agency's information security program, or to appoint an independent external
auditor to conduct the evaluation on its behalf. - (Correct Answer)-E-Government Act of 2002,
Section 208
The following OMB guidance established the requirement for federal agencies to review the
security controls in each system when significant modifications are made to the system, or at
least every three years. This guidance also requires federal agencies to re-authorize information
systems every three years - (Correct Answer)-OMB Circular No. A-130, Appendix III, Security
of Federal Automated Information Resources
The Federal Information Security Modernization Act of 2014 (FISMA 2014) formally assigns
information security responsibilities to which of the following agencies/departments (select two):
- (Correct Answer)-DHS and OMB
Current regulations still require the re-authorization of federal information systems at least every
three years. - (Correct Answer)-True
As part of monitoring the security posture of agency desktops, OMB requires federal agencies to
use vulnerability scanning tools that leverage the ________ protocol. - (Correct Answer)-SCAP
Following the loss of 26 million records containing PII at the Department of Veteran Affairs,
OMB released M-06-16 Protection of Sensitive Agency Information. This memo required all of
the following EXCEPT: - (Correct Answer)-Encryption of all server backup tapes
This Homeland Security Presidential Directive requires all federal agencies to adopt a standard,
government-wide card to reduce identity fraud, protect personal privacy, and provide for
authentication. This directive was called: - (Correct Answer)-HSPD-12 - Common Identification
Standard
What elements are components of an information system? - (Correct Answer)-Hardware and
software, Interconnected systems, People
What is the main consideration in determining the scope of authorization for information
systems? - (Correct Answer)-System Boundaries
Which approach involves continually balancing the protection of agency information and assets
with the cost of security controls and mitigation strategies? - (Correct Answer)-Risk
Management Approach
What establishes the scope of protection for organizational information systems? - (Correct
Answer)-System Boundaries
List the 7 steps of the RMF process. - (Correct Answer)-Prepare, Categorize, Select, Implement,
Assess, Authorize, Monitor
During what phase of the SDLC should the organization consider the security requirements? -
(Correct Answer)-Initiation Phase / Development / Acquisition Phase
Security Reauthorizations are conducted during which phase of the SDLC? - (Correct Answer)-
Operations/Maintenance
What NIST Special Publication superseded the original Special Publication 800-30 as the
primary source for guidance on risk management? - (Correct Answer)-SP 800-39
Applying the first three steps in the RMF to legacy systems can be viewed as a
____________________________ to determine if the necessary and sufficient security controls
have been appropriately selected and allocated. - (Correct Answer)-Gap Analysis
Which of the following is not a key document to be updated as part of ISCM? - (Correct
Answer)-SCAP
Security status reporting is: - (Correct Answer)-Event driven, Time driven