
CISSP-ISSEP Exam Questions - Online Test



Online CISSP-ISSEP free questions and answers of New Version:

NEW QUESTION 1
Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

  • A. ASSET
  • B. NSA-IAM
  • C. NIACAP
  • D. DITSCAP

Answer: C

NEW QUESTION 2
Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

  • A. Certification and accreditation (C&A)
  • B. Risk Management
  • C. Information systems security engineering (ISSE)
  • D. Information Assurance (IA)

Answer: A

NEW QUESTION 3
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

  • A. Level 4
  • B. Level 5
  • C. Level 1
  • D. Level 2
  • E. Level 3

Answer: A

NEW QUESTION 4
Which of the following NIST Special Publication documents provides a guideline on network security testing?

  • A. NIST SP 800-60
  • B. NIST SP 800-37
  • C. NIST SP 800-59
  • D. NIST SP 800-42
  • E. NIST SP 800-53A
  • F. NIST SP 800-53

Answer: D

NEW QUESTION 5
Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address?

  • A. Circuit-level gateway
  • B. Application gateway
  • C. Proxy server
  • D. Packet Filtering

Answer: D

NEW QUESTION 6
Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive function standard, and break the higher-level functions into lower-level functions. Which of the following processes will Della use to accomplish the task?

  • A. Risk analysis
  • B. Functional allocation
  • C. Functional analysis
  • D. Functional baseline

Answer: C

NEW QUESTION 7
Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system?

  • A. Process specification
  • B. Product specification
  • C. Development specification
  • D. System specification

Answer: D

NEW QUESTION 8
Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space?

  • A. Internet Protocol Security (IPSec)
  • B. Common data security architecture (CDSA)
  • C. File encryptors
  • D. Application program interface (API)

Answer: B

NEW QUESTION 9
The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in CONOPS? Each correct answer represents a complete solution. Choose all that apply.

  • A. Strategies, tactics, policies, and constraints affecting the system
  • B. Organizations, activities, and interactions among participants and stakeholders
  • C. Statement of the structure of the system
  • D. Clear statement of responsibilities and authorities delegated
  • E. Statement of the goals and objectives of the system

Answer: ABDE

NEW QUESTION 10
Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?

  • A. Configuration Identification
  • B. Configuration Verification and Audit
  • C. Configuration Status and Accounting
  • D. Configuration Control

Answer: C

NEW QUESTION 11
What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

  • A. Conduct activities related to the disposition of the system data and objects.
  • B. Combine validation results in DIACAP scorecard.
  • C. Conduct validation activities.
  • D. Execute and update IA implementation plan.

Answer: BCD

NEW QUESTION 12
Which of the following certification levels requires the completion of the minimum security checklist, and the system user or an independent certifier can complete the checklist?

  • A. CL 2
  • B. CL 3
  • C. CL 1
  • D. CL 4

Answer: C

NEW QUESTION 13
Which of the following email lists is written for the technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk?

  • A. Cyber Security Tip
  • B. Cyber Security Alert
  • C. Cyber Security Bulletin
  • D. Technical Cyber Security Alert

Answer: C

NEW QUESTION 14
Which of the following CNSS policies describes the national policy on use of cryptomaterial by activities operating in high risk environments?

  • A. CNSSP No. 14
  • B. NCSC No. 5
  • C. NSTISSP No. 6
  • D. NSTISSP No. 7

Answer: B

NEW QUESTION 15
Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

  • A. Federal Information Processing Standard (FIPS)
  • B. Special Publication (SP)
  • C. NISTIRs (Internal Reports)
  • D. DIACAP by the United States Department of Defense (DoD)

Answer: B

NEW QUESTION 16
Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users?

  • A. Information Assurance (IA)
  • B. Information Systems Security Engineering (ISSE)
  • C. Information Protection Policy (IPP)
  • D. Information systems security (InfoSec)

Answer: D

NEW QUESTION 17
Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

  • A. Chief Information Officer
  • B. Chief Information Security Officer
  • C. Chief Risk Officer
  • D. Information System Owner

Answer: D

NEW QUESTION 18
Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct support to joint warfighters, National level leaders, and other mission and coalition partners across the full spectrum of operations?

  • A. DARPA
  • B. DTIC
  • C. DISA
  • D. DIAP

Answer: C
