FITSP Operator Study Set Questions and Answers Graded A+
FIPS 199 - Correct answer-Security categorization based on impact levels (Confidentiality, Integrity, Availability).
RMF Steps - Correct answer-Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor.
FISMA - Correct answer-Act requiring federal agencies to establish a security program with annual reporting.
NIST Cybersecurity Framework Core Functions - Correct answer-Identify, Protect, Detect, Respond, Recover.
Privacy Act of 1974 - Correct answer-Protect personally identifiable information (PII) by requiring a valid reason for its collection and retention.
Digital Signature - Correct answer-A mechanism using a sender's private key to ensure non-repudiation and integrity of a message.
OMB Circular A-130 - Correct answer-Policy for managing federal information resources, including security and privacy guidelines.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
Symmetric vs Asymmetric Encryption - Correct answer-Symmetric uses the same key for encryption and decryption; asymmetric uses a public/private key pair.
FIPS 199 Impact Levels - Correct answer-Low, Moderate, High.
SP 800-53A - Correct answer-Methods for assessing the effectiveness of security controls.
CIA Triad - Correct answer-Confidentiality, Integrity, Availability.
SP 800-88 - Correct answer-Media sanitization - clearing, purging, and destruction.
HSPD-12 - Correct answer-Common Identification Standard for Federal Employees.
SCAP - Correct answer-Security Content Automation Protocol.
FIPS 140-2 - Correct answer-Cryptographic module standards.
FIPS 200 - Correct answer-Minimum security requirements for federal information systems.
SP 800-122 - Correct answer-Guide to protecting confidentiality of PII.
Risk Avoidance - Correct answer-Proactively eliminating risk by avoiding related activities.
Risk Rejection - Correct answer-Ignoring or dismissing the existence of a risk.
Cold Site - Correct answer-A low-cost disaster recovery site with no pre-installed equipment.
Hot Site - Correct answer-A high-cost disaster recovery site with pre-installed equipment for rapid recovery.
RTO - Correct answer-Recovery Time Objective - the maximum time to restore operations.
RPO - Correct answer-Recovery Point Objective - the acceptable data loss in case of an incident.
Layer 7 Firewall - Correct answer-Inspects and filters traffic at the application layer.
IDS vs IPS - Correct answer-IDS detects intrusions; IPS prevents intrusions.
Trojan - Correct answer-Malicious software disguised as legitimate.
Rootkit - Correct answer-Malicious software providing unauthorized administrative access.
Backdoor Detection - Correct answer-Using HIDS or behavioral-based detection for suspicious activity.
Worm - Correct answer-Self-propagating malicious code.