Actual Correct Questions and Verified Detailed Answers | Currently Testing Questions and Solutions | Already Graded A+ | Newest | Just Released!! | Guaranteed Pass
What are the key concepts and vocabulary for controls?
Security Categorization
-FIPS 199 Security Categorization Standards
-SP 800-60 Mapping Types to Categories
-Categorizing Privacy Information
-SP 800-122 Protecting PII
Documentation - System Security Plan
Security Control Baseline
-FIPS 200 Minimum Security Requirements
-SP 800-53 Fundamentals
-Selecting Controls from 800-53
-Implementing Controls
How do you build an effective assurance case?
Compiling and presenting evidence
Basis for determining effectiveness of controls
Product assessments
Systems Assessments
Risk Determination
What are the methods of assessment?
Testing
Examination
Interviewing
What are the attributes associated with the assessment methods?
Depth and coverage both determine the level of effort for the assessment (basic, focused and comprehensive).
What is the assessment process?
Describe assessment process and testing
Review the elements of the security authorization package
Conduct risk assessment
Review artifacts and documents
Interview key personnel
Test system components and controls
Develop and produce assessment report
What is SP 800-115?
Technical Guide to Information Security Testing and Assessment
What are the assessment tasks?
Ensure the proper policies are in place
Ensure all previous RMF steps were completed
Ensure all Common Controls are in place and implemented
Collect and evaluate system artifacts
Assessment Testing
-Vulnerability Scanning
-Log Review
-Penetration Testing
-Configuration Checklist Review
What does a security assessment report provide?
Visibility into specific weaknesses and deficiencies in the security control employed within or
inherited by the information system that could not reasonably be resolved during system
development.
What does RMF-5 (Authorize Information System) include?
Plan of action and milestones
Security Authorization Package
Risk Determination
Risk Acceptance
What is OMB 02-01?
Guidance for Preparing and submitting Security Plans of Action and Milestones.
What are the fields in a POAM?
Type of weaknesses
Office or organization responsible for correcting weakness
Amount of money needed to correct weakness
Scheduled completion date of weakness
Key milestones with completion dates
Milestone changes
Source of weaknesses
Status (ongoing or completed)
What does an authorization package contain?
System Security Plan
Security Assessment Report
Plan of Action and Milestones
What do the SP 800-137 ISCM guidelines define?
Maintaining ongoing awareness of information security, vulnerabilities, and threats
Support org risk management decisions
Begin with leadership defining a comprehensive ISCM strategy encompassing
-technology
-processes
-procedures
-operating environments
-people
What are the four phases of SP 800-47, Security Guide for Interconnecting IT Systems?
Planning
Establishing
Maintaining
Disconnecting
What are the control types and families within SP 800-53 r4?
Control types
Management
Operational
Technical
There are 18 families of controls within these types:
4 technical families
5 management families
9 operational families
What elements are the components of an information system?
Hardware/Software
Interconnected System
People