CISSP-ISSEP Exam Questions - Online Test


Online ISC2 CISSP-ISSEP free dumps demo below:

NEW QUESTION 1
Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy?

  • A. Advisory memoranda
  • B. Instructions
  • C. Policies
  • D. Directives

Answer: B

NEW QUESTION 2
Which of the following is a type of security management for computers and networks in order to identify security breaches?

  • A. IPS
  • B. IDS
  • C. ASA
  • D. EAP

Answer: B

NEW QUESTION 3
Which of the following are the functional analysis and allocation tools? Each correct answer represents a complete solution. Choose all that apply.

  • A. Functional flow block diagram (FFBD)
  • B. Activity diagram
  • C. Timeline analysis diagram
  • D. Functional hierarchy diagram

Answer: ACD

NEW QUESTION 4
Which of the following processes illustrate the study of a technical nature of interest to a focused audience, and consist of interim or final reports on work made by NIST for external sponsors, including government and non-government sponsors?

  • A. Federal Information Processing Standards (FIPS)
  • B. Special Publication (SP)
  • C. NISTIRs (Internal Reports)
  • D. DIACAP

Answer: C

NEW QUESTION 5
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

  • A. High
  • B. Medium
  • C. Low
  • D. Moderate

Answer: ABC

NEW QUESTION 6
Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of what risk response?

  • A. Enhancing
  • B. Positive
  • C. Opportunistic
  • D. Exploiting

Answer: D

NEW QUESTION 7
Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure?

  • A. Manufacturing Extension Partnership
  • B. NIST Laboratories
  • C. Baldrige National Quality Program
  • D. Advanced Technology Program

Answer: B

NEW QUESTION 8
Which of the following tasks prepares the technical management plan in planning the technical effort?

  • A. Task 10
  • B. Task 9
  • C. Task 7
  • D. Task 8

Answer: B

NEW QUESTION 9
Which of the following certification levels requires the completion of the minimum security checklist and more in-depth, independent analysis?

  • A. CL 3
  • B. CL 4
  • C. CL 2
  • D. CL 1

Answer: A

NEW QUESTION 10
Which of the following principles are defined by the IATF model? Each correct answer represents a complete solution. Choose all that apply.

  • A. The degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.
  • B. The problem space is defined by the customer's mission or business needs.
  • C. The systems engineer and information systems security engineer define the solution space, which is driven by the problem space.
  • D. Always keep the problem and solution spaces separate.

Answer: BCD

NEW QUESTION 11
Which of the following policies describes the national policy on the secure electronic messaging service?

  • A. NSTISSP No. 11
  • B. NSTISSP No. 7
  • C. NSTISSP No. 6
  • D. NSTISSP No. 101

Answer: B

NEW QUESTION 12
Which of the following areas of an information system, as separated by the Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy?

  • A. Networks and Infrastructures
  • B. Supporting Infrastructures
  • C. Enclave Boundaries
  • D. Local Computing Environments

Answer: C

NEW QUESTION 13
Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

  • A. Parkerian Hexad
  • B. Five Pillars model
  • C. Capability Maturity Model (CMM)
  • D. Classic information security model

Answer: B

NEW QUESTION 14
FIPS 199 defines the three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of loss of confidentiality, integrity, or availability in a high level potential impact?

  • A. The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent.
  • B. The loss of confidentiality, integrity, or availability might result in major financial losses.
  • C. The loss of confidentiality, integrity, or availability might result in a major damage to organizational assets.
  • D. The loss of confidentiality, integrity, or availability might result in severe damages like life threatening injuries or loss of life.

Answer: ABCD

NEW QUESTION 15
You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process?

  • A. Design information systems that will meet the certification and accreditation documentation.
  • B. Identify the information protection needs.
  • C. Ensure information systems are designed and developed with functional relevance.
  • D. Instruct systems engineers on availability, integrity, and confidentiality.

Answer: B

NEW QUESTION 16
Fill in the blank with an appropriate section name. ________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.

  • A. System Analysis

Answer: A

NEW QUESTION 17
Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?

  • A. ISO 9001:2000
  • B. Benchmarking
  • C. SEI-CMM
  • D. Six Sigma

Answer: A

NEW QUESTION 18
Which of the following cooperative programs carried out by NIST speeds up the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector?

  • A. Baldrige National Quality Program
  • B. Advanced Technology Program
  • C. Manufacturing Extension Partnership
  • D. NIST Laboratories

Answer: B
