FITSP-M Knowledge Check || Graded A+.
What is the main function of Step 1 in the RMF? correct answers Categorize the information
system and the information processed, stored, and transmitted by that system based on an impact
analysis
During which step and task are the security control weaknesses and deficiencies addressed?
correct answers Assess - using an POAM by the assessor
What types of remediation actions can be utilized? correct answers Accept
Reject
Share
Transfer
Remediate
Which document provides a policy framework for information resources management across the
Federal government? correct answers OMB Circular A-130 p. 58
Name an initiative to create security configuration baselines for Information Technology
products widely deployed across the federal agencies. correct answers US Government
Configuration Baseline (USGCB) p. 80
Agencies required to adhere to DHS' direction to report data through this automated tool. What is
a the required frequency of these data feeds? correct answers CyberScope - Monthly data feeds
p. 78 & 97
Which two NIST Special Publications provide management overview and risk assessment
guidance on risk management? correct answers SP 800-30 - Guide for Conducting Risk
Assessments
SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information
Systems View
, P. 133
What are the four components of the new Risk Management Model? correct answers Frame risk
Assess risk
Respond to risk one determined
Monitor risk on an ongoing basis
P. 130
Give an example of Tier 1 risk correct answers Strategic Risk
Legal Risk
Compliance Risk
Financial Risk
Reputation Risk
Environment Risk
P. 149
Which phase of the SLDC should define security requirements? correct answers Initiation p. 140
What establishes the scope of protection for organizational information systems? correct answers
Something?
Dynamic Subsystem correct answers A subsystem that is not continually present during the
execution phase of an information system. Service-oriented architectures and cloud computing
architectures are examples of architectures that employ dynamic subsystems.
External Subsystem correct answers A system that would be considered outside of the direct
control of the organization that owns the information system and authorizes its operation.
What is the main function of Step 1 in the RMF? correct answers Categorize the information
system and the information processed, stored, and transmitted by that system based on an impact
analysis
During which step and task are the security control weaknesses and deficiencies addressed?
correct answers Assess - using an POAM by the assessor
What types of remediation actions can be utilized? correct answers Accept
Reject
Share
Transfer
Remediate
Which document provides a policy framework for information resources management across the
Federal government? correct answers OMB Circular A-130 p. 58
Name an initiative to create security configuration baselines for Information Technology
products widely deployed across the federal agencies. correct answers US Government
Configuration Baseline (USGCB) p. 80
Agencies required to adhere to DHS' direction to report data through this automated tool. What is
a the required frequency of these data feeds? correct answers CyberScope - Monthly data feeds
p. 78 & 97
Which two NIST Special Publications provide management overview and risk assessment
guidance on risk management? correct answers SP 800-30 - Guide for Conducting Risk
Assessments
SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information
Systems View
, P. 133
What are the four components of the new Risk Management Model? correct answers Frame risk
Assess risk
Respond to risk one determined
Monitor risk on an ongoing basis
P. 130
Give an example of Tier 1 risk correct answers Strategic Risk
Legal Risk
Compliance Risk
Financial Risk
Reputation Risk
Environment Risk
P. 149
Which phase of the SLDC should define security requirements? correct answers Initiation p. 140
What establishes the scope of protection for organizational information systems? correct answers
Something?
Dynamic Subsystem correct answers A subsystem that is not continually present during the
execution phase of an information system. Service-oriented architectures and cloud computing
architectures are examples of architectures that employ dynamic subsystems.
External Subsystem correct answers A system that would be considered outside of the direct
control of the organization that owns the information system and authorizes its operation.
