WITH QUESTIONS AND VERIFIED ANSWERS
ALREADY GRADED A+ | GUARANTEED PASS
LATEST VERSION 2025
In which NIST special publication can you find guidance for the performance measurement of information systems? - ANSWER-800-55
Which FEA reference model was used to create the guide for mapping information types to security categories, in support of the first step of the RMF? - ANSWER-OMB business 800-60
What is the name of the security control, represented by the control ID RA-3, that must be partially implemented prior to the implementation of other controls in order to complete the first two steps in the RMF? - ANSWER-Risk Assessment
Where can information about vulnerabilities be found? - ANSWER-NVD or CWE
Which SCAP specifications provide a standard naming convention for operating systems, hardware, and applications for the purpose of providing consistent, easily parsed names? - ANSWER-CPE - Common Platform Enumeration
What is defined as an identifiable part of a system (e.g., hardware, software, firmware, documentation, or a combination thereof) that is a discrete target of configuration control processes? - ANSWER-CI - Configuration Item
Which special pub provides guidelines on designing, developing, conducting, and evaluating test, training, and exercise (TT&E) events? - ANSWER-800-84 Guide to TT&E
Name the contingency planning variable that defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business functions, and the MTD. - ANSWER-RTO
What is created to correlate the information system with critical mission/business processes, and is further used to characterize the consequences of a disruption? - ANSWER-BIA
Which Federal mandate requires agencies to report incidents to US-CERT? - ANSWER-FISMA
What is the US-CERT incident category name and reporting timeframe for a CAT-2 incident? - ANSWER-Denial of Service - 1 hour
Which FIPS 140-2 encryption level requires identity-based authentication? - ANSWER-Level 3
What FIPS publication (focusing on AES) specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits? - ANSWER-FIPS 197
What is the recommended disposal method, from the sanitization guidelines of NIST SP 800-88, for paper-based medical records containing sensitive PII? - ANSWER-Cross-cut shredder
What is the supporting guideline for PE-17 Alternate Work Site and telework/remote access? - ANSWER-800-46
Because AH transport mode cannot alter the original IP header or create a new IP header, transport mode is generally used in which VPN architecture? (remote server mgt) - ANSWER-Host-to-host
Which VPN technologies are approved for use by Federal agencies? - ANSWER-TLS/SSL, IPsec
What report defines security acronyms and abbreviations for interagency consistency? - ANSWER-IR-7581
What is PRISMA? - ANSWER-NIST PROGRAM REVIEW
Where can an Operator find the reports that are most current? - ANSWER-NIST website
NIST introduced the Cyber Security Framework in 2014. What are the 5 basic areas of action? - ANSWER-Identify, Protect, Detect, Respond, Recover (DRIPR to remember)
In Integrated Organization-wide Risk Management, Tier 1 covers what area? - ANSWER-Governance