With Complete Questions And Correct Detailed Answers
(Verified Answers) |Already Graded A+
What is designed to force implementation of HSPD-12 Personal Identity
Verification criteria along with M05-24, M06-06, M-06-18, M08-01 and
M11-11? - ANSWER-M-04-04 E-Authentication Guidance for Federal
Agencies
What does M-06-15 Safeguarding PII require? - ANSWER-Requires
privacy policies for each agency and the public release of these policies
What does M-06-19 PII Reporting require? - ANSWER-Requires
reporting of potential PII data-breach events to Federal CERT within one
hour of their discovery.
What does M-07-16 Privacy and Privacy Reporting cover? - ANSWER-
Safeguarding PII
Breach Notification Policy
SAOP Reporting Metrics
-Information security systems (w/PII)
-PIA and SORNs
-Privacy Training
-PIA and web privacy policies and processes
-Written privacy complaints
-SAOP advice and guidance
-Agency use of web management and customization technologies (e.g.
cookies)
Requires an agency-based incident handling policy.
Why was M-09-32 Trusted Internet Connections initiated? - ANSWER-
OMB started the TIC initiative to consolidate the number of external
access points, including internet connections, and to ensure that all
external connections are routed through an OMB-approved TIC.
What does OMB Memorandum 10-28, "Clarifying Cybersecurity
Responsibilities and Activities of the Executive Office of the President
and the Department of Homeland Security," cover? - ANSWER-Set OMB
as the reporting agency and DHS as the gathering agency for cybersecurity
data and events.
What reporting instructions have changed for OMB M11-33/M11-
02/M12-02? - ANSWER-CyberScope
What is the purpose of the US Government Configuration Baseline
(USGCB)? - ANSWER-The USGCB initiative is to create a security
configuration baseline for IT products widely deployed across Federal
agencies.
As for Reporting Instructions, must the DOD and ODNI follow OMB
policy and NIST guidelines? Yes or No - ANSWER-Yes
As for Reporting Instructions, is reauth required every three years? Yes
or No - ANSWER-No
What are the Phases of the SDLC? - ANSWER-Initiation
Development/Acquisition
Implementation
Operation/Maintenance
Disposal
What are the three tiers in Organization-Wide Risk Management? -
ANSWER-Tier 1 - Organization (Governance)
Tier 2 - Mission/Business Process (Information and Information Flow)
Tier 3 - Information System (Environment of Operation)
What does Tier 1 Risk cover? - ANSWER-Governance
Methodologies
Techniques and Procedures
Mitigation Methods
Risk Tolerance
Ongoing Monitoring
What does Tier 2 address? - ANSWER-Tier 2 addresses risk from a
mission and business process perspective and is guided by the risk
decisions in Tier 1.
What does Tier 3 address? - ANSWER-Tier 3 addresses risk from an
information system perspective and is guided by the risk decisions at
Tiers 1 and 2.
What NIST SPs cover Security Architecture? - ANSWER-SP-800-14, SP-
800-27 and SP-800-160
What are the four components of RMF? - ANSWER-Frame (risk)
Assess (risk)
Respond (to risk once determined)
Monitor (risk on an ongoing basis)
Which two NIST SPs provide a management overview and risk assessment
guidance on risk management? - ANSWER-SP-800-37R1 - Guide for
Applying the Risk Management Framework to Federal Information
Systems
SP-800-39 - Managing Information Security Risk (superseded SP-800-
30)