NEW QUESTION 1
The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE Each correct answer represents a complete solution. Choose all that apply.

• A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
• B. An ISSE provides advice on the impacts of system changes.
• C. An ISSE provides advice on the continuous monitoring of the information system.
• D. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
• E. An ISSO takes part in the development activities that are required to implement system changes.

Answer: BCD

NEW QUESTION 2
Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process

• A. Authorizing Official
• B. Information system owner
• C. Chief Information Officer (CIO)
• D. Chief Risk Officer (CRO)

Answer: B

NEW QUESTION 3
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one

• A. Configuration Item Costing
• B. Configuration Identification
• C. Configuration Verification and Auditing
• D. Configuration Status Accounting

Answer: A

NEW QUESTION 4
Which of the following tasks obtains the customer agreement in planning the technical effort

• A. Task 9
• B. Task 11
• C. Task 8
• D. Task 10

Answer: B

NEW QUESTION 5
You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition process

• A. Configuration management plan
• B. Transition plan
• C. Systems engineering management plan (SEMP)
• D. Acquisition plan

Answer: B

NEW QUESTION 6
Which of the following memorandums reminds the Federal agencies that it is required by law and policy to establish clear privacy policies for Web activities and to comply with those policies

• A. OMB M-01-08
• B. OMB M-03-19
• C. OMB M-00-07
• D. OMB M-00-13

Answer: D

NEW QUESTION 7
Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information

• A. National Institute of Standards and Technology (NIST)
• B. National Security AgencyCentral Security Service (NSACSS)
• C. Committee on National Security Systems (CNSS)
• D. United States Congress

Answer: B

NEW QUESTION 8
Which of the following organizations incorporates building secure audio and video
communications equipment, making tamper protection products, and providing trusted microelectronics solutions

• A. DTIC
• B. NSA IAD
• C. DIAP
• D. DARPA

Answer: B

NEW QUESTION 9
Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers

• A. Manufacturing Extension Partnership
• B. Baldrige National Quality Program
• C. Advanced Technology Program
• D. NIST Laboratories

Answer: B

NEW QUESTION 10
You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process

• A. Design information systems that will meet the certification and accreditation documentation.
• B. Identify the information protection needs.
• C. Ensure information systems are designed and developed with functional relevance.
• D. Instruct systems engineers on availability, integrity, and confidentiality.

Answer: B

NEW QUESTION 11
Fill in the blank with an appropriate section name. is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.

• A. System Analysis

Answer: A

NEW QUESTION 12
Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs

• A. User representative
• B. DAA
• C. Certification Agent
• D. IS program manager

Answer: D

NEW QUESTION 13
Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure

• A. Manufacturing Extension Partnership
• B. NIST Laboratories
• C. Baldrige National Quality Program
• D. Advanced Technology Program

Answer: B

NEW QUESTION 14
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle

• A. Phase 1, Definition
• B. Phase 3, Validation
• C. Phase 4, Post Accreditation Phase
• D. Phase 2, Verification

Answer: C

NEW QUESTION 15
Which of the following DoD policies provides assistance on how to implement policy,
assign responsibilities, and prescribe procedures for applying integrated, layered protection of the DoD information systems and networks

• A. DoD 8500.1 Information Assurance (IA)
• B. DoDI 5200.40
• C. DoD 8510.1-M DITSCAP
• D. DoD 8500.2 Information Assurance Implementation

Answer: D

NEW QUESTION 16
Which of the following are the subtasks of the Define Life-Cycle Process Concepts task Each correct answer represents a complete solution. Choose all that apply.

• A. Training
• B. Personnel
• C. Control
• D. Manpower

Answer: ABD

NEW QUESTION 17
Which of the following describes a residual risk as the risk remaining after a risk mitigation has occurred

• A. SSAA
• B. ISSO
• C. DAA
• D. DIACAP

Answer: D