Accurate CISSP-ISSEP Exam Questions and Answers 2021


Online CISSP-ISSEP free questions and answers of New Version:

NEW QUESTION 1
Diane is the project manager of the HGF Project. A risk that was identified and analyzed during the project planning processes is now coming to fruition. Which individual should respond to the risk with the preplanned risk response?

  • A. Project sponsor
  • B. Risk owner
  • C. Diane
  • D. Subject matter expert

Answer: B

NEW QUESTION 2
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

  • A. Develop DIACAP strategy.
  • B. Initiate IA implementation plan.
  • C. Conduct validation activity.
  • D. Assemble DIACAP team.
  • E. Register system with DoD Component IA Program.
  • F. Assign IA controls.

Answer: ABDEF

NEW QUESTION 3
Which of the following principles are defined by the IATF model? Each correct answer represents a complete solution. Choose all that apply.

  • A. The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.
  • B. The problem space is defined by the customer's mission or business needs.
  • C. The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.
  • D. Always keep the problem and solution spaces separate.

Answer: BCD

NEW QUESTION 4
Which of the following acts assigns Chief Information Officers (CIOs) the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)?

  • A. Paperwork Reduction Act
  • B. Computer Misuse Act
  • C. Lanham Act
  • D. Clinger-Cohen Act

Answer: D

NEW QUESTION 5
What does the acronym RTM stand for?

  • A. Resource tracking method
  • B. Requirements Testing Matrix
  • C. Requirements Traceability Matrix
  • D. Resource timing method

Answer: C

NEW QUESTION 6
Risk transference refers to the transfer of a risk to a third party, usually for a fee; it creates a contractual relationship in which the third party manages the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?

  • A. Warranties
  • B. Performance bonds
  • C. Use of insurance
  • D. Life cycle costing

Answer: D

NEW QUESTION 7
You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you perform this task?

  • A. PERT Chart
  • B. Gantt Chart
  • C. Functional Flow Block Diagram
  • D. Information Management Model (IMM)

Answer: D

NEW QUESTION 8
Which of the following memorandums reminds Federal agencies that they are required by law and policy to establish clear privacy policies for Web activities and to comply with those policies?

  • A. OMB M-01-08
  • B. OMB M-03-19
  • C. OMB M-00-07
  • D. OMB M-00-13

Answer: D

NEW QUESTION 9
Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?

  • A. National Security Agency/Central Security Service (NSA/CSS)
  • B. National Institute of Standards and Technology (NIST)
  • C. United States Congress
  • D. Committee on National Security Systems (CNSS)

Answer: D

NEW QUESTION 10
Phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.

  • A. Agree on a strategy to mitigate risks.
  • B. Evaluate mitigation progress and plan next assessment.
  • C. Identify threats, vulnerabilities, and controls that will be evaluated.
  • D. Document and implement a mitigation plan.

Answer: ABD

NEW QUESTION 11
Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of the C&A phases in a DITSCAP assessment?

  • A. Definition, Validation, Verification, and Post Accreditation
  • B. Verification, Definition, Validation, and Post Accreditation
  • C. Verification, Validation, Definition, and Post Accreditation
  • D. Definition, Verification, Validation, and Post Accreditation

Answer: D

NEW QUESTION 12
The principle of the SEMP is not to repeat information, but rather to ensure that processes are in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as the change management approval processes?

  • A. Section 3.1.8
  • B. Section 3.1.9
  • C. Section 3.1.5
  • D. Section 3.1.7

Answer: B

NEW QUESTION 13
Which of the following DoD policies establishes IA controls for information systems according to Mission Assurance Categories (MAC) and confidentiality levels?

  • A. DoD 8500.1 Information Assurance (IA)
  • B. DoD 8500.2 Information Assurance Implementation
  • C. DoDI 5200.40
  • D. DoD 8510.1-M DITSCAP

Answer: B

NEW QUESTION 14
Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design of information security controls. Which of the following are U.S. Federal Government information security standards? Each correct answer represents a complete solution. Choose all that apply.

  • A. CA Certification, Accreditation, and Security Assessments
  • B. Information systems acquisition, development, and maintenance
  • C. IR Incident Response
  • D. SA System and Services Acquisition

Answer: ACD

NEW QUESTION 15
Which of the following organizations assists the President in overseeing the preparation of the federal budget and in supervising its administration in Executive Branch agencies?

  • A. NSA/CSS
  • B. OMB
  • C. DCAA
  • D. NIST

Answer: B

NEW QUESTION 16
Which of the following certification levels requires completion of the minimum security checklist and a more in-depth, independent analysis?

  • A. CL 3
  • B. CL 4
  • C. CL 2
  • D. CL 1

Answer: A

NEW QUESTION 17
Which of the following phases of DITSCAP includes the activities necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

  • A. Phase 1, Definition
  • B. Phase 3, Validation
  • C. Phase 4, Post Accreditation Phase
  • D. Phase 2, Verification

Answer: C

NEW QUESTION 18
Which of the following federal laws is designed to protect computer data from theft?

  • A. Federal Information Security Management Act (FISMA)
  • B. Computer Fraud and Abuse Act (CFAA)
  • C. Government Information Security Reform Act (GISRA)
  • D. Computer Security Act

Answer: B

NEW QUESTION 19
You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documents will you use to achieve this task?

  • A. IMM
  • B. CONOPS
  • C. IPP
  • D. System Security Context

Answer: B
