Which of the following groups represents the most likely source of an asset
loss through the inappropriate use of computers?
A. Employees
B. Hackers
C. Visitors
D. Customers
Right Ans - A. Employees
FISMA charges which one of the following agencies with the responsibility of
overseeing the security policies and practices of all agencies of the executive
branch of the Federal government?
A. Office of Management and Budget (OMB)
B. National Institute of Standards and Technology (NIST)
C. National Security Agency (NSA)
D. Department of Justice
Right Ans - A. Office of Management and Budget (OMB)
Which one of the following publications provides details of the monitoring
security control?
A. NIST SP 800-53
B. NIST SP 800-42
C. NIST SP 800-37
D. NIST SP 800-41
Right Ans - C. NIST SP 800-37
Which of the following statements about Discretionary Access Control List
(DACL) is true?
A. It is a list containing user accounts, groups, and computers that are allowed
(or denied) access to the object.
B. It specifies whether an audit activity should be performed when an object
attempts to access a resource.
C. It is a unique number that identifies a user, group, and computer account.
D. It is a rule list containing access control entries.
Right Ans - A. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
FIPS Publication 199 defines three levels of potential impact to the
compromise of confidentiality, integrity, and availability. These levels are:
A. Minimum, Normal, Maximum
B. Low, Moderate, High
C. Unclassified, Confidential, Secret
D. Confidential, Secret, Top Secret
Right Ans - B. Low, Moderate, High
Which of the following individuals is responsible for monitoring the
information system environment that can negatively impact the security of
the system and its accreditation?
A. Chief Information Security Officer
B. Chief Information Officer
C. Chief Risk Officer
D. Information System Owner
Right Ans - D. Information System Owner
Which of the following professionals plays the role of a monitor and takes part
in the organization's configuration management process?
A. Senior Agency Information Security Officer
B. Authorizing Official
C. Common Control Provider
D. Chief Information Officer
Right Ans - C. Common Control Provider
Which of the following is not a standard phase in the System Authorization
Process?
A. Pre-certification
B. Post-authorization
C. Post-certification
D. Certification
Right Ans - C. Post-certification
What is the potential impact if the loss of confidentiality, integrity, or
availability could be expected to have a limited adverse effect on
organizational operations, organizational assets, individuals, other
organizations, or the national security interests of the United States?
A. Low
B. Moderate