
CISSP-ISSEP Exam Questions - Online Test



Check CISSP-ISSEP free dumps before getting the full version:

NEW QUESTION 1
Which of the following DoD policies provides assistance on how to implement policy, assign responsibilities, and prescribe procedures for applying integrated, layered protection of the DoD information systems and networks?

  • A. DoD 8500.1 Information Assurance (IA)
  • B. DoDI 5200.40
  • C. DoD 8510.1-M DITSCAP
  • D. DoD 8500.2 Information Assurance Implementation

Answer: D

NEW QUESTION 2
Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

  • A. Risk Adjustments
  • B. Security Certification and Accreditation (C&A)
  • C. Vulnerability Assessment and Penetration Testing
  • D. Change and Configuration Control

Answer: ABC

NEW QUESTION 3
Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems?

  • A. Computer Fraud and Abuse Act
  • B. Computer Security Act
  • C. Gramm-Leach-Bliley Act
  • D. Digital Millennium Copyright Act

Answer: A

NEW QUESTION 4
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

  • A. Risk identification
  • B. Building risk-free systems
  • C. Assuring the integrity of organizational data
  • D. Risk control

Answer: AD

NEW QUESTION 5
Which of the following refers to a process that is used for implementing information security?

  • A. Classic information security model
  • B. Certification and Accreditation (C&A)
  • C. Information Assurance (IA)
  • D. Five Pillars model

Answer: B

NEW QUESTION 6
Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used?

  • A. System firmware
  • B. System interface
  • C. System software
  • D. System hardware

Answer: C

NEW QUESTION 7
Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?

  • A. User representative
  • B. DAA
  • C. Certification Agent
  • D. IS program manager

Answer: D

NEW QUESTION 8
Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those tempted to commit crimes by unauthorized access to computers?

  • A. Computer Fraud and Abuse Act
  • B. Government Information Security Reform Act (GISRA)
  • C. Computer Security Act
  • D. Federal Information Security Management Act (FISMA)

Answer: A

NEW QUESTION 9
The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

  • A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
  • B. Preserving high-level communications and working group relationships in an organization
  • C. Establishing an effective continuous monitoring program for the organization
  • D. Facilitating the sharing of security risk-related information among authorizing officials

Answer: ABC

NEW QUESTION 10
You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems?

  • A. NIST Special Publication 800-59
  • B. NIST Special Publication 800-37
  • C. NIST Special Publication 800-60
  • D. NIST Special Publication 800-53

Answer: B

NEW QUESTION 11
You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you to perform the above task?

  • A. PERT Chart
  • B. Gantt Chart
  • C. Functional Flow Block Diagram
  • D. Information Management Model (IMM)

Answer: D

NEW QUESTION 12
Fill in the blank with the appropriate phrase. ______ provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).

  • A. DoDI 5200.40

Answer: A

NEW QUESTION 13
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

  • A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  • C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: BC

NEW QUESTION 14
What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.

  • A. Basic System Review
  • B. Basic Security Review
  • C. Maximum Analysis
  • D. Comprehensive Analysis
  • E. Detailed Analysis
  • F. Minimum Analysis

Answer: BDEF

NEW QUESTION 15
You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?

  • A. Functional test
  • B. Reliability test
  • C. Performance test
  • D. Regression test

Answer: A

NEW QUESTION 16
Which of the following individuals are part of the senior management and are responsible for authorization of individual systems, approving enterprise solutions, establishing security policies, providing funds, and maintaining an understanding of risks at all levels? Each correct answer represents a complete solution. Choose all that apply.

  • A. Chief Information Officer
  • B. AO Designated Representative
  • C. Senior Information Security Officer
  • D. User Representative
  • E. Authorizing Official

Answer: ABCE

NEW QUESTION 17
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.

  • A. What is being secured
  • B. Who is expected to comply with the policy
  • C. Where is the vulnerability, threat, or risk
  • D. Who is expected to exploit the vulnerability

Answer: ABC

NEW QUESTION 18
You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram?

  • A. Activity diagram
  • B. Functional flow block diagram (FFBD)
  • C. Functional hierarchy diagram
  • D. Timeline analysis diagram

Answer: C
