
CISSP-ISSEP Exam

Realistic CISSP-ISSEP Exam Questions 2021





NEW QUESTION 1
Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Office of Management and Budget (OMB)
  • B. NIST
  • C. FISMA
  • D. FIPS

Answer: C

NEW QUESTION 2
Which of the following Registration Tasks sets up the business or operational functional description and system identification?

  • A. Registration Task 2
  • B. Registration Task 1
  • C. Registration Task 3
  • D. Registration Task 4

Answer: B

NEW QUESTION 3
Which of the following assessment methodologies defines a six-step technical security evaluation?

  • A. FITSAF
  • B. OCTAVE
  • C. FIPS 102
  • D. DITSCAP

Answer: C

NEW QUESTION 4
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199?
Each correct answer represents a complete solution. Choose all that apply.

  • A. High
  • B. Medium
  • C. Low
  • D. Moderate

Answer: ABC

NEW QUESTION 5
Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

  • A. Chief Information Officer
  • B. Authorizing Official
  • C. Common Control Provider
  • D. Senior Agency Information Security Officer

Answer: C

NEW QUESTION 6
You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed?

  • A. Define system security architecture
  • B. Develop detailed security design
  • C. Discover information protection needs
  • D. Define system security requirements

Answer: D

NEW QUESTION 7
Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events, but management wants you to do more. They'd like for you to create some type of a chart that identifies the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

  • A. Risk response plan
  • B. Quantitative analysis
  • C. Risk response
  • D. Contingency reserve

Answer: D

NEW QUESTION 8
In which of the following DIACAP phases is residual risk analyzed?

  • A. Phase 2
  • B. Phase 3
  • C. Phase 5
  • D. Phase 1
  • E. Phase 4

Answer: E

NEW QUESTION 9
Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?

  • A. Configuration Identification
  • B. Configuration Verification and Audit
  • C. Configuration Status and Accounting
  • D. Configuration Control

Answer: C

NEW QUESTION 10
Fill in the blank with an appropriate phrase. The ______ helps the customer understand and document the information management needs that support the business or mission.

  • A. systems engineer

Answer: A

NEW QUESTION 11
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

  • A. Level 4
  • B. Level 5
  • C. Level 1
  • D. Level 2
  • E. Level 3

Answer: A

NEW QUESTION 12
Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

  • A. Phase 3
  • B. Phase 2
  • C. Phase 4
  • D. Phase 1

Answer: B

NEW QUESTION 13
The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
  • B. Preserving high-level communications and working group relationships in an organization
  • C. Establishing an effective continuous monitoring program for the organization
  • D. Facilitating the sharing of security risk-related information among authorizing officials

Answer: ABC

NEW QUESTION 14
Which of the following statements is true about residual risks?

  • A. It can be considered as an indicator of threats coupled with vulnerability.
  • B. It is a weakness or lack of safeguard that can be exploited by a threat.
  • C. It is the probabilistic risk after implementing all security measures.
  • D. It is the probabilistic risk before implementing all security measures.

Answer: C

NEW QUESTION 15
What are the responsibilities of a system owner?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Integrates security considerations into application and system purchasing decisions and development projects.
  • B. Ensures that the necessary security controls are in place.
  • C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
  • D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

Answer: ACD

NEW QUESTION 16
Which of the following Registration Tasks sets up the system architecture description, and describes the C&A boundary?

  • A. Registration Task 3
  • B. Registration Task 4
  • C. Registration Task 2
  • D. Registration Task 1

Answer: B

NEW QUESTION 17
You work as an ISSE for BlueWell Inc. You want to break down user roles, processes, and information until ambiguity is reduced to a satisfactory degree. Which of the following tools will help you to perform the above task?

  • A. PERT Chart
  • B. Gantt Chart
  • C. Functional Flow Block Diagram
  • D. Information Management Model (IMM)

Answer: D
