Complete Questions and Correct Detailed Answers (Verified Answers) | Already Graded A+ | Updated 2026
The following legislation requires federal agencies to
establish capital planning and investment control
policies and procedures when procuring information
technology:
a) E-Government Act of 2002
b) Federal Information Security Management Act
(FISMA)
c) Government Information Security Reform Act
(GISRA)
d) Clinger-Cohen Act - ✔✔ANSWER✔✔-Clinger-Cohen
Act
The following legislation requires federal agencies to
appoint a Chief Information Officer:
a) E-Government Act of 2002
b) Federal Information Security Management Act
(FISMA)
c) Government Information Security Reform Act
(GISRA)
d) Clinger-Cohen Act - ✔✔ANSWER✔✔-Clinger-Cohen
Act
The following legislation requires federal agencies to
develop, document, and implement an agency-wide
information security program:
a) E-Government Act of 2002, Section 208
b) Federal Information Security Management Act
(FISMA)
c) Government Information Security Reform Act
(GISRA)
d) Clinger-Cohen Act - ✔✔ANSWER✔✔-Federal
Information Security Management Act (FISMA)
The following legislation requires federal agencies to
prepare Privacy Impact Assessments (PIAs) when
developing or procuring new information technology:
a) E-Government Act of 2002, Section 208
b) Federal Information Security Management Act
(FISMA)
c) Privacy Act, 1974
d) Clinger-Cohen Act - ✔✔ANSWER✔✔-E-Government
Act of 2002, Section 208
The following legislation requires each agency with an
Inspector General to conduct an annual evaluation of
the agency's information security program, or to appoint an
independent external auditor to conduct the evaluation
on its behalf:
a) E-Government Act of 2002, Title I
b) Federal Information Security Management Act
(FISMA)
c) Government Information Security Reform Act
(GISRA)
d) Clinger-Cohen Act - ✔✔ANSWER✔✔-Federal
Information Security Management Act (FISMA)
The Secretary of what department or agency was
delegated the responsibility by FISMA to prescribe
standards and guidelines pertaining to federal
information systems
to improve the efficiency of operation or security of
Federal information systems:
a) Department of Homeland Security (DHS)
b) Defense Department
c) Commerce Department
d) National Security Agency - ✔✔ANSWER✔✔-
The following OMB guidance established the
requirement for federal agencies to review the security
controls in each system when significant modifications
are made to
the system, or at least every three years. This guidance
also requires federal agencies to re-authorize
information systems every three years.
a) OMB Circular No. A-123, Management Accountability
and Control
b) OMB Circular No. A-130, Appendix III, Security of
Federal Automated Information Resources
c) OMB Circular No. A-127, Financial Management
Systems
d) OMB Circular No. A-136, Financial Management
Reporting Requirements - ✔✔ANSWER✔✔-OMB
Circular No. A-130, Appendix III, Security of Federal
Automated Information Resources
Current regulations still require the re-authorization of
Federal information systems at least every three years.
a) True
b) False - ✔✔ANSWER✔✔-False
As part of monitoring the security posture of agency
desktops, OMB requires Federal agencies to
use vulnerability scanning tools that leverage the
protocol.
a) SNMP
b) SMTP
c) SCAP
d) LDAP - ✔✔ANSWER✔✔-SCAP
Following the loss of 26 million records containing PII at
the Department of Veterans Affairs, OMB released M-06-16,
Protection of Sensitive Agency Information. This
memo required all of the following except:
a) Encryption of all data on mobile computers/devices
b) Permits remote access only with two-factor
authentication, for which one factor is provided by a
device separate from the computer gaining access
c) Use a "time-out" function for remote access and
mobile devices requiring user reauthentication after 30
minutes of inactivity
d) Encryption of all server backup tapes -
✔✔ANSWER✔✔-Encryption of all server backup tapes
This Homeland Security Presidential Directive requires
all Federal agencies to adopt a standard,