getcertified4sure.com

CISSP-ISSEP Exam

ISC2 CISSP-ISSEP Exam Dumps 2021





Online ISC2 CISSP-ISSEP free dumps demo Below:

NEW QUESTION 1
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  • A. Security operations
  • B. Continue to review and refine the SSAA
  • C. Change management
  • D. Compliance validation
  • E. System operations
  • F. Maintenance of the SSAA

Answer: ACDEF

NEW QUESTION 2
The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in CONOPS? Each correct answer represents a complete solution. Choose all that apply.

  • A. Strategies, tactics, policies, and constraints affecting the system
  • B. Organizations, activities, and interactions among participants and stakeholders
  • C. Statement of the structure of the system
  • D. Clear statement of responsibilities and authorities delegated
  • E. Statement of the goals and objectives of the system

Answer: ABDE

NEW QUESTION 3
Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

  • A. Right-Up Approach
  • B. Left-Up Approach
  • C. Bottom-Up Approach
  • D. Top-Down Approach

Answer: CD

NEW QUESTION 4
Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business-related information available today?

  • A. DISA
  • B. DIAP
  • C. DTIC
  • D. DARPA

Answer: C

NEW QUESTION 5
Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected?

  • A. Develop detailed security design
  • B. Define system security requirements
  • C. Discover information protection needs
  • D. Define system security architecture

Answer: C

NEW QUESTION 6
Risk transference refers to the transfer of risks to a third party, usually for a fee; it creates a contractual relationship for the third party to manage the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?

  • A. Warranties
  • B. Performance bonds
  • C. Use of insurance
  • D. Life cycle costing

Answer: D

NEW QUESTION 7
You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?

  • A. Functional test
  • B. Reliability test
  • C. Performance test
  • D. Regression test

Answer: A

NEW QUESTION 8
FIPS 199 defines the three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of loss of confidentiality, integrity, or availability at a high level of potential impact?

  • A. The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent.
  • B. The loss of confidentiality, integrity, or availability might result in major financial losses.
  • C. The loss of confidentiality, integrity, or availability might result in a major damage to organizational assets.
  • D. The loss of confidentiality, integrity, or availability might result in severe damages like life threatening injuries or loss of life.

Answer: ABCD

NEW QUESTION 9
Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?

  • A. National Security Agency/Central Security Service (NSA/CSS)
  • B. National Institute of Standards and Technology (NIST)
  • C. United States Congress
  • D. Committee on National Security Systems (CNSS)

Answer: D

NEW QUESTION 10
You work as a Network Administrator for PassGuide Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security?

  • A. HTTP
  • B. VPN
  • C. S/MIME
  • D. SSL

Answer: D

NEW QUESTION 11
FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

  • A. Moderate
  • B. Medium
  • C. High
  • D. Low

Answer: D

NEW QUESTION 12
Fill in the blank with an appropriate phrase. The ______ process is used for allocating performance and designing the requirements to each function.

  • A. functional allocation

Answer: A

NEW QUESTION 13
You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well-defined phases. In which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur?

  • A. Continuous Monitoring
  • B. Initiation
  • C. Security Certification
  • D. Security Accreditation

Answer: B

NEW QUESTION 14
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

  • A. Risk identification
  • B. Building risk-free systems
  • C. Assuring the integrity of organizational data
  • D. Risk control

Answer: AD

NEW QUESTION 15
Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators?

  • A. ISO 9001:2000
  • B. Benchmarking
  • C. SEI-CMM
  • D. Six Sigma

Answer: A

NEW QUESTION 16
Which of the following agencies is responsible for funding the development of many technologies such as computer networking, as well as NLS?

  • A. DARPA
  • B. DTIC
  • C. DISA
  • D. DIAP

Answer: A

NEW QUESTION 17
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

  • A. Corrective controls
  • B. Safeguards
  • C. Detective controls
  • D. Preventive controls

Answer: A
