SPeD SFPC EXAM: Risk Management
Framework (RMF) QUESTIONS AND
CORRECT ANSWERS (VERIFIED
ANSWERS) SECURITY FUNDAMENTALS
PROFESSIONAL CERTIFICATION
DoD systems are subject to what types of threats? -CORRECTANSWER
Confidentiality, integrity, or availability of information processed, stored, or transmitted
by DoD systems.
Define system categorization -CORRECTANSWER System Categorization is the
process by which the Information Owner identifies the potential impact (low, moderate,
or high) that would result from the loss of confidentiality, integrity, and availability should
a security breach occur.
What is non-repudiation and the negative impacts of not having non--repudiation? -
CORRECTANSWER Definition: Protection against an individual falsely denying having
performed a particular action. Provides the capability to determine whether a given
individual took a particular action such as creating information, sending a message,
approving information, and receiving a message.
Negative impacts :
1.) Sender could deny message was sent.
, 2.) Recipient of email could change message and contest that altered message was
sent by sender.
What is confidentiality and the negative impacts of not having confidentiality? -
CORRECTANSWER Definition: Preserving authorized restrictions on information
access and disclosure, including means for protecting personal privacy and proprietary
information.
Negative impacts of no confidentiality:
1.) Persons could be granted access to information beyond their need-to-know.
2.) Sensitive or classified information could be disclosed to an unauthorized system
What is CIA in relation to RMF? -CORRECTANSWER Confidentiality: preserving
authorized restrictions on information access and disclosure
Integrity: guarding against unauthorized information modification or destruction
Availability: timely and reliable access to and use of information
What program does RMF replace? -CORRECTANSWER DIACAP
What DoD guidance provides direction for the implementation of RMF? -
CORRECTANSWER DoD 8510.01
Framework (RMF) QUESTIONS AND
CORRECT ANSWERS (VERIFIED
ANSWERS) SECURITY FUNDAMENTALS
PROFESSIONAL CERTIFICATION
DoD systems are subject to what types of threats? -CORRECTANSWER
Confidentiality, integrity, or availability of information processed, stored, or transmitted
by DoD systems.
Define system categorization -CORRECTANSWER System Categorization is the
process by which the Information Owner identifies the potential impact (low, moderate,
or high) that would result from the loss of confidentiality, integrity, and availability should
a security breach occur.
What is non-repudiation and the negative impacts of not having non--repudiation? -
CORRECTANSWER Definition: Protection against an individual falsely denying having
performed a particular action. Provides the capability to determine whether a given
individual took a particular action such as creating information, sending a message,
approving information, and receiving a message.
Negative impacts :
1.) Sender could deny message was sent.
, 2.) Recipient of email could change message and contest that altered message was
sent by sender.
What is confidentiality and the negative impacts of not having confidentiality? -
CORRECTANSWER Definition: Preserving authorized restrictions on information
access and disclosure, including means for protecting personal privacy and proprietary
information.
Negative impacts of no confidentiality:
1.) Persons could be granted access to information beyond their need-to-know.
2.) Sensitive or classified information could be disclosed to an unauthorized system
What is CIA in relation to RMF? -CORRECTANSWER Confidentiality: preserving
authorized restrictions on information access and disclosure
Integrity: guarding against unauthorized information modification or destruction
Availability: timely and reliable access to and use of information
What program does RMF replace? -CORRECTANSWER DIACAP
What DoD guidance provides direction for the implementation of RMF? -
CORRECTANSWER DoD 8510.01
