NEW QUESTION 1
Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system

• A. Phase 3
• B. Phase 2
• C. Phase 4
• D. Phase 1

Answer: B

NEW QUESTION 2
Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used

• A. System firmware
• B. System interface
• C. System software
• D. System hardware

Answer: C

NEW QUESTION 3
Which of the following NIST Special Publication documents provides a guideline on network security testing

• A. NIST SP 800-60
• B. NIST SP 800-37
• C. NIST SP 800-59
• D. NIST SP 800-42
• E. NIST SP 800-53A
• F. NIST SP 800-53

Answer: D

NEW QUESTION 4
Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures and of the decision criteria which is used to evaluate security for information systems investments

• A. OMB M-00-13
• B. OMB M-99-18
• C. OMB M-00-07
• D. OMB M-03-19

Answer: C

NEW QUESTION 5
Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected

• A. Develop detailed security design
• B. Define system security requirements
• C. Discover information protection needs
• D. Define system security architecture

Answer: C

NEW QUESTION 6
Fill in the blank with the appropriate phrase. The is the risk that remains after the implementation of new or enhanced controls.

• A. residual risk

Answer: A

NEW QUESTION 7
Certification and Accreditation (C&A or CnA) is a process for implementing information
security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation Each correct answer represents a complete solution. Choose two.

• A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
• B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
• C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
• D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: BC

NEW QUESTION 8
Which of the following acts promote a risk-based policy for cost effective security Each correct answer represents a part of the solution. Choose all that apply.

• A. Clinger-Cohen Act
• B. Lanham Act
• C. Paperwork Reduction Act (PRA)
• D. Computer Misuse Act

Answer: AC

NEW QUESTION 9
Which of the following responsibilities are executed by the federal program manager

• A. Ensure justification of expenditures and investment in systems engineering activities.
• B. Coordinate activities to obtain funding.
• C. Review project deliverables.
• D. Review and approve project plans.

Answer: ABD

NEW QUESTION 10
Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business related information available today

• A. DISA
• B. DIAP
• C. DTIC
• D. DARPA

Answer: C

NEW QUESTION 11
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199 Each correct answer represents a complete solution. Choose all that apply.

• A. High
• B. Medium
• C. Low
• D. Moderate

Answer: ABC

NEW QUESTION 12
Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy

• A. Trusted computing base (TCB)
• B. Common data security architecture (CDSA)
• C. Internet Protocol Security (IPSec)
• D. Application program interface (API)

Answer: A

NEW QUESTION 13
Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints

• A. Section 3.1.5
• B. Section 3.1.8
• C. Section 3.1.9
• D. Section 3.1.7

Answer: B

NEW QUESTION 14
Which of the following individuals are part of the senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels Each correct answer represents a complete solution. Choose all that apply.

• A. Chief Information Officer
• B. AO Designated Representative
• C. Senior Information Security Officer
• D. User Representative
• E. Authorizing Official

Answer: ABCE

NEW QUESTION 15
Which of the following are the major tasks of risk management Each correct answer represents a complete solution. Choose two.

• A. Risk identification
• B. Building Risk free systems
• C. Assuring the integrity of organizational data
• D. Risk control

Answer: AD

NEW QUESTION 16
Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy

• A. Advisory memoranda
• B. Instructions
• C. Policies
• D. Directives

Answer: B

NEW QUESTION 17
Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information

• A. Federal Information Processing Standard (FIPS)
• B. Special Publication (SP)
• C. NISTIRs (Internal Reports)
• D. DIACAP by the United States Department of Defense (DoD)

Answer: B

NEW QUESTION 18
Which of the following rated systems of the Orange book has mandatory protection of the TCB

• A. C-rated
• B. B-rated
• C. D-rated
• D. A-rated

Answer: B

NEW QUESTION 19
Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system

• A. System firmware
• B. System software
• C. System interface
• D. System hardware

Answer: C