
CISSP-ISSEP Exam Questions - Online Test



NEW QUESTION 1
Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation?

  • A. Computer Fraud and Abuse Act
  • B. Government Information Security Reform Act (GISRA)
  • C. Federal Information Security Management Act (FISMA)
  • D. Computer Security Act

Answer: B

NEW QUESTION 2
Which of the following memorandums reminds departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures, and of the decision criteria that are used to evaluate security for information systems investments?

  • A. OMB M-00-13
  • B. OMB M-99-18
  • C. OMB M-00-07
  • D. OMB M-03-19

Answer: C

NEW QUESTION 3
Which of the following is a 1996 United States federal law designed to improve the way the federal government acquires, uses, and disposes of information technology?

  • A. Lanham Act
  • B. Clinger-Cohen Act
  • C. Computer Misuse Act
  • D. Paperwork Reduction Act

Answer: B

NEW QUESTION 4
NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

  • A. Abbreviated
  • B. Significant
  • C. Substantial
  • D. Comprehensive

Answer: A

NEW QUESTION 5
Which of the following elements are described by the functional requirements task? Each correct answer represents a complete solution. Choose all that apply.

  • A. Coverage
  • B. Accuracy
  • C. Quality
  • D. Quantity

Answer: ACD

NEW QUESTION 6
Under which of the following CNSS policies is NIACAP mandatory for all systems that process USG classified information?

  • A. NSTISSP No. 11
  • B. NSTISSP No. 101
  • C. NSTISSP No. 7
  • D. NSTISSP No. 6

Answer: D

NEW QUESTION 7
The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as change management approval processes?

  • A. Section 3.1.8
  • B. Section 3.1.9
  • C. Section 3.1.5
  • D. Section 3.1.7

Answer: B

NEW QUESTION 8
Which of the following documents contains the threats to information management, and the security services and controls required to counter those threats?

  • A. System Security Context
  • B. Information Protection Policy (IPP)
  • C. CONOPS
  • D. IMM

Answer: B

NEW QUESTION 9
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?

  • A. Type III cryptography
  • B. Type III (E) cryptography
  • C. Type II cryptography
  • D. Type I cryptography

Answer: D

NEW QUESTION 10
Which of the following protocols is used to establish a secure terminal to a remote network device?

  • A. WEP
  • B. SMTP
  • C. SSH
  • D. IPSec

Answer: C

NEW QUESTION 11
The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

  • A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • B. An ISSE provides advice on the impacts of system changes.
  • C. An ISSE provides advice on the continuous monitoring of the information system.
  • D. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • E. An ISSO takes part in the development activities that are required to implement system changes.

Answer: BCD

NEW QUESTION 12
Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?

  • A. Trusted computing base (TCB)
  • B. Common data security architecture (CDSA)
  • C. Internet Protocol Security (IPSec)
  • D. Application program interface (API)

Answer: A

NEW QUESTION 13
Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?

  • A. DTIC
  • B. NSA IAD
  • C. DIAP
  • D. DARPA

Answer: B

NEW QUESTION 14
Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints?

  • A. Section 3.1.5
  • B. Section 3.1.8
  • C. Section 3.1.9
  • D. Section 3.1.7

Answer: B

NEW QUESTION 15
Fill in the blank with an appropriate phrase. A ________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requirement, or procedure.

  • A. technical effort

Answer: A

NEW QUESTION 16
Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system?

  • A. System firmware
  • B. System software
  • C. System interface
  • D. System hardware

Answer: C

NEW QUESTION 17
Which of the following cooperative programs carried out by NIST provides a nationwide network of local centers offering technical and business assistance to small manufacturers?

  • A. NIST Laboratories
  • B. Advanced Technology Program
  • C. Manufacturing Extension Partnership
  • D. Baldrige National Quality Program

Answer: C

NEW QUESTION 18
Which of the following statements is true about residual risks?

  • A. It can be considered as an indicator of threats coupled with vulnerability.
  • B. It is a weakness or lack of safeguard that can be exploited by a threat.
  • C. It is the probabilistic risk after implementing all security measures.
  • D. It is the probabilistic risk before implementing all security measures.

Answer: C
