getcertified4sure.com

CISSP-ISSEP Exam

ISC2 CISSP-ISSEP Exam Questions 2021





Check CISSP-ISSEP free dumps before getting the full version:

NEW QUESTION 1
Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability and prepares the final security accreditation package?

  • A. Initiation
  • B. Security Certification
  • C. Continuous Monitoring
  • D. Security Accreditation

Answer: D

NEW QUESTION 2
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?

  • A. Type III cryptography
  • B. Type III (E) cryptography
  • C. Type II cryptography
  • D. Type I cryptography

Answer: D

NEW QUESTION 3
Which of the following types of CNSS issuances establishes criteria and assigns responsibilities?

  • A. Advisory memoranda
  • B. Directives
  • C. Instructions
  • D. Policies

Answer: D

NEW QUESTION 4
Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space?

  • A. Internet Protocol Security (IPSec)
  • B. Common data security architecture (CDSA)
  • C. File encryptors
  • D. Application program interface (API)

Answer: B

NEW QUESTION 5
Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures, and of the decision criteria that are used to evaluate security for information systems investments?

  • A. OMB M-00-13
  • B. OMB M-99-18
  • C. OMB M-00-07
  • D. OMB M-03-19

Answer: C

NEW QUESTION 6
NIST SP 800-53A defines three types of interview, depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

  • A. Abbreviated
  • B. Significant
  • C. Substantial
  • D. Comprehensive

Answer: A

NEW QUESTION 7
You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system?

  • A. Post Accreditation
  • B. Definition
  • C. Verification
  • D. Validation

Answer: B

NEW QUESTION 8
In which of the following phases of the interconnection life cycle, as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls?

  • A. Establishing the interconnection
  • B. Planning the interconnection
  • C. Disconnecting the interconnection
  • D. Maintaining the interconnection

Answer: A

NEW QUESTION 9
Which of the following is a type of security management for computers and networks in order to identify security breaches?

  • A. IPS
  • B. IDS
  • C. ASA
  • D. EAP

Answer: B

NEW QUESTION 10
Which of the following protocols is built into the Web server and browser to encrypt data traveling over the Internet?

  • A. UDP
  • B. SSL
  • C. IPSec
  • D. HTTP

Answer: B

NEW QUESTION 11
Which of the following DITSCAP/NIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase?

  • A. Verification
  • B. Validation
  • C. Post accreditation
  • D. Definition

Answer: A

NEW QUESTION 12
Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Choose all that apply.

  • A. Organization of information security
  • B. Human resources security
  • C. Risk assessment and treatment
  • D. AU audit and accountability

Answer: ABC

NEW QUESTION 13
The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series? Each correct answer represents a complete solution. Choose all that apply.

  • A. Providing IA Certification and Accreditation
  • B. Providing command and control and situational awareness
  • C. Defending systems
  • D. Protecting information

Answer: BCD

NEW QUESTION 14
Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling of computer systems through the Internet?

  • A. DAS
  • B. IDS
  • C. ACL
  • D. IPSec

Answer: B

NEW QUESTION 15
Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system?

  • A. Process specification
  • B. Product specification
  • C. Development specification
  • D. System specification

Answer: D

NEW QUESTION 16
Which of the following federal laws is designed to protect computer data from theft?

  • A. Federal Information Security Management Act (FISMA)
  • B. Computer Fraud and Abuse Act (CFAA)
  • C. Government Information Security Reform Act (GISRA)
  • D. Computer Security Act

Answer: B

NEW QUESTION 17
There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

  • A. Acceptance
  • B. Enhance
  • C. Share
  • D. Exploit

Answer: A
