FITSP OPERATOR STUDY SET EXAM
QUESTIONS AND ANSWERS. VERIFIED
2025/2026.
FIPS 199 - ANS Security categorization based on impact levels (Confidentiality, Integrity, Availability).
RMF Steps - ANS Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor.
FISMA - ANS Act requiring federal agencies to establish a security program with annual reporting.
NIST Cybersecurity Framework Core Functions - ANS Identify, Protect, Detect, Respond, Recover.
Privacy Act of 1974 - ANS Protect personally identifiable information (PII) by requiring a valid reason for its collection and retention.
Digital Signature - ANS A mechanism using a sender's private key to ensure non-repudiation and integrity of a message.
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
OMB Circular A-130 - ANS Policy for managing federal information resources, including security and privacy guidelines.
Symmetric vs Asymmetric Encryption - ANS Symmetric uses the same key for encryption and decryption; asymmetric uses a public/private key pair.
FIPS 199 Impact Levels - ANS Low, Moderate, High.
SP 800-53A - ANS Methods for assessing the effectiveness of security controls.
CIA Triad - ANS Confidentiality, Integrity, Availability.
SP 800-88 - ANS Media sanitization - clearing, purging, and destruction.
HSPD-12 - ANS Common Identification Standard for Federal Employees.
SCAP - ANS Security Content Automation Protocol.
FIPS 140-2 - ANS Cryptographic module standards.
FIPS 200 - ANS Minimum security requirements for federal information systems.
SP 800-122 - ANS Guide to protecting confidentiality of PII.
Risk Avoidance - ANS Proactively eliminating risk by avoiding related activities.
Risk Rejection - ANS Ignoring or dismissing the existence of a risk.
Cold Site - ANS A low-cost disaster recovery site with no pre-installed equipment.
Hot Site - ANS A high-cost disaster recovery site with pre-installed equipment for rapid recovery.
RTO - ANS Recovery Time Objective - the maximum time to restore operations.
RPO - ANS Recovery Point Objective - the acceptable data loss in case of an incident.
Layer 7 Firewall - ANS Inspects and filters traffic at the application layer.
IDS vs IPS - ANS IDS detects intrusions; IPS prevents intrusions.
Trojan - ANS Malicious software disguised as legitimate.
Rootkit - ANS Malicious software providing unauthorized administrative access.
Backdoor Detection - ANS Using HIDS or behavioral-based detection for suspicious activity.
Worm - ANS Self-propagating malicious code.
Virus - ANS Malicious code that attaches to a host file.