FITSP-A Module 3 QUESTIONS WITH COMPLETE SOLUTIONS

1. What elements are components of an information system? a) Hardware and software b) Interconnected systems c) People d) All of the above correct answer: Correct answer: d) All of the above OMB Circular A-130, App ill: "A system normally includes hardware, software, information, data, applications, communications, and people.' Incorrect answers: The individual choices alone do not constitute a system. Information systems must be considered in a holistic manner. 2. What are some of the threats that the information system faces? a) Environmental disruptions b) Human errors c) Cyber-attacks d) All of the above correct answer: Correct answer: d) All of the above NIST SP 800-39r1, p. 1: "Threats to information and information systems can include purposeful attacks, environmental disruptions, and human/machine errors and result in great harm to the national and economic security interests of the United States. Incorrect answers: The individual choices alone do not cover all the threats that must be considered in protecting systems SDLC correct answer: System Development Life Cycle The five phases, as described in SP 800-64 are Initiation, Development/Acquisition, Implementation, Operations/Maintenance, and Disposal. ( I D/A I O/M D ) 3. During what phase of the SDLC should the organization consider the security requirements (mark all that apply)? a) Initiation Phase / Development / Acquisition Phase b) Implementation Phase c) Operation / Maintenance Phase d) System Disposal Phase correct answer: Correct answer: a), b), c) & d) NIST SP 800-64r2, p. 11: "Security considerations are identified in each SDLC phase, thus advancing the business application and security requirements together to ensure a balanced approach during development." Incorrect answers: The individual choices alone do not cover all phases of the SDLC. 4. The PIA, BIA and Security Categorization are all done in this phase of the SDLC: a) Initiation b) Development/Acquirement c) Implementation