EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following are the most important tasks of the Information Management Plan (IMP) Each correct answer represents a complete solution. Choose all that apply.

Question2: Which of the following tasks prepares the technical management plan in planning the technical effort

Question3: In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47, do the organizations build and execute a plan for establishing the interconnection, including executing or configuring appropriate security controls

Question4: Which of the following organizations assists the President in overseeing the preparation of the federal budget and to supervise its administration in Executive Branch agencies

Question5: Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs

Question6: Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment

Question7: Which of the following is a document, usually in the form of a table, that correlates any two baseline documents that require a many-to-many relationship to determine the completeness of the relationship

Question8: The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation Each correct answer represents a complete solution. Choose all that apply.

Question9: You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control

Question10: Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense

Question11: Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information

Question12: Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards Each correct answer represents a complete solution. Choose all that apply.

Question13: Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that the system requires C&A Support

Question14: SIMULATION
For interactive and self-paced preparation of exam ISSEP, try our practice exams.
Practice exams also include self assessment and reporting features!
Fill in the blank with an appropriate word. _______ has the goal to securely interconnect people and systems independent of time or location.

Question15: Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards Each correct answer represents a complete solution. Choose all that apply.

Question16: SIMULATION
Fill in the blank with an appropriate phrase. A ____________________ is defined as any activity that has an effect on defining, designing, building, or executing a task, requirement, or procedure.

Question17: Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual

Question18: Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system

Question19: Which of the following cooperative programs carried out by NIST provides a nationwide network of local centers offering technical and business assistance to small manufacturers

Question20: SIMULATION
Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.

Question21: The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE Each correct answer represents a complete solution. Choose all that apply.

Question22: Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity it would be an example of what risk response

Question23: Which of the following CNSS policies describes the national policy on controlled access protection

Question24: A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well designed policy Each correct answer represents a part of the solution. Choose all that apply.

Question25: Which of the following sections of the SEMP template defines the project constraints, to include constraints on funding, personnel, facilities, manufacturing capability and capacity, critical resources, and other constraints

Question26: Which of the following DITSCAPNIACAP model phases is used to confirm that the evolving system development and integration complies with the agreements between role players documented in the first phase

Question27: Which of the following is a type of security management for computers and networks in order to identify security breaches

Question28: You work as a systems engineer for BlueWell Inc. You are working on translating system requirements into detailed function criteria. Which of the following diagrams will help you to show all of the function requirements and their groupings in one diagram

Question29: Which of the following processes provides guidance to the system designers and form the basis of major events in the acquisition phases, such as testing the products for system integration

Question30: Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare

Question31: Which of the following terms describes the measures that protect and support information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation

Question32: Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one

Question33: Which of the following memorandums reminds the departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures and of the decision criteria which is used to evaluate security for information systems investments

Question34: Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non- repudiation

Question35: Which of the CNSS policies describes the national policy on certification and accreditation of national security telecommunications and information systems

Question36: You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirements are that your solution must use the RSA algorithm. Which of the following is your best choice

Question37: The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3 Each correct answer represents a complete solution.
Choose all that apply.

Question38: Which of the following certification levels requires the completion of the minimum security checklist and more in-depth, independent analysis

Question39: Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task

Question40: Della works as a systems engineer for BlueWell Inc. She wants to convert system requirements into a comprehensive function standard, and break the higher-level functions into lower-level functions. Which of the following processes will Della use to accomplish the task

Question41: Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart

Question42: SIMULATION
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.

Question43: Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site

Question44: SIMULATION
Fill in the blank with an appropriate phrase. __________ seeks to improve the quality of process outputs by identifying and removing the causes of defects and variability in manufacturing and business processes.

Question45: Which of the following NIST documents describes that minimizing negative impact on an organization and a need for sound basis in decision making are the fundamental reasons organizations implement a risk management process for their IT systems

Question46: Which of the following CNSS policies describes the national policy on securing voice communications

Question47: Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package

Question48: Which of the following Registration Tasks sets up the system architecture description, and describes the C&A boundary

Question49: According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD Each correct answer represents a complete solution. Choose all that apply.

Question50: Which of the following cooperative programs carried out by NIST speed ups the development of modern technologies for broad, national benefit by co-funding research and development partnerships with the private sector

Question51: System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan Each correct answer represents a part of the solution. Choose all that apply.

Question52: Which of the following Registration Tasks sets up the business or operational functional description and system identification

Question53: Which of the following federal laws establishes roles and responsibilities for information security, risk management, testing, and training, and authorizes NIST and NSA to provide guidance for security planning and implementation

Question54: Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production Each correct answer represents a part of the solution. Choose all that apply.

Question55: Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy

Question56: SIMULATION
Fill in the blank with an appropriate phrase. The ____________ helps the customer understand and document the information management needs that support the business or mission.

Question57: Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter

Question58: You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems

Question59: You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task

Question60: Which of the following federal laws is designed to protect computer data from theft

Question61: John works as a security engineer for BlueWell Inc. He wants to identify the different functions that the system will need to perform to meet the documented missionbusiness needs. Which of the following processes will John use to achieve the task

Question62: Which of the following principles are defined by the IATF model Each correct answer represents a complete solution. Choose all that apply.

Question63: Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using

Question64: Which of the following are the major tasks of risk management Each correct answer represents a complete solution. Choose two.

Question65: SIMULATION
Fill in the blanks with an appropriate phrase. The______________ is the process of translating system requirements into detailed function criteri a.

Question66: Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system

Question67: Which of the following refers to a process that is used for implementing information security

Question68: Which of the following certification levels requires the completion of the minimum security checklist, and the system user or an independent certifier can complete the checklist

Question69: Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users

Question70: Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space

Question71: Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident

Question72: The Concept of Operations (CONOPS) is a document describing the characteristics of a proposed system from the viewpoint of an individual who will use that system. Which of the following points are included in CONOPS Each correct answer represents a complete solution. Choose all that apply.

Question73: Which of the following is a 1996 United States federal law, designed to improve the way the federal government acquires, uses, and disposes information technology

Question74: Which of the following agencies serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business related information available today

Question75: Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality

Question76: Which of the following security controls is standardized by the Internet Engineering Task Force (IETF) as the primary network layer protection mechanism

Question77: Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems

Question78: Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions

Question79: Which of the following acts promote a risk-based policy for cost effective security Each correct answer represents a part of the solution. Choose all that apply.

Question80: Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls

Question81: NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews

Question82: In which of the following DIACAP phases is residual risk analyzed

Question83: Which of the following federal agencies coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produces foreign intelligence information

Question84: Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system

Question85: Which of the following are the benefits of SE as stated by MIL-STD-499B Each correct answer represents a complete solution. Choose all that apply.

Question86: Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event

Question87: An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official Each correct answer represents a complete solution. Choose all that apply.

Question88: You work as a Network Administrator for PassGuide Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security

Question89: Which of the following are the subtasks of the Define Life-Cycle Process Concepts task Each correct answer represents a complete solution. Choose all that apply.

Question90: You work as a system engineer for BlueWell Inc. Which of the following documents will help you to describe the detailed plans, procedures, and schedules to guide the transition process

Question91: Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling of computer systems through the Internet

Question92: Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code

Question93: Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements

Question94: SIMULATION
Fill in the blank with an appropriate phrase. _________________ is used to verify and accredit systems by making a standard process, set of activities, general tasks, and management structure.

Question95: Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy

Question96: Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed

Question97: Which of the following areas of information system, as separated by Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy

Question98: Which of the following policies describes the national policy on the secure electronic messaging service

Question99: You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non- repudiation. Which of the following processes will you use to accomplish the task

Question100: Which of the following DITSCAPNIACAP model phases is used to show the required evidence to support the DAA in accreditation process and conclude in an Approval To Operate (ATO)

Question101: Which of the following phases of the ISSE model is used to determine why the system needs to be built and what information needs to be protected

Question102: Which of the following rated systems of the Orange book has mandatory protection of the TCB

Question103: The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series Each correct answer represents a complete solution. Choose all that apply.

Question104: Which of the following characteristics are described by the DIAP Information Readiness Assessment function Each correct answer represents a complete solution. Choose all that apply.

Question105: Which of the following processes illustrate the study of a technical nature of interest to focused audience, and consist of interim or final reports on work made by NIST for external sponsors, including government and non-government sponsors

Question106: You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAPNIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of a legacy system

Question107: Which of the following federal laws are related to hacking activities Each correct answer represents a complete solution. Choose three.

Question108: The functional analysis process is used for translating system requirements into detailed function criteria.
Which of the following are the elements of functional analysis process Each correct answer represents a complete solution. Choose all that apply.

Question109: Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available

Question110: The principle of the SEMP is not to repeat the information, but rather to ensure that there are processes in place to conduct those functions. Which of the following sections of the SEMP template describes the work authorization procedures as well as change management approval processes

Question111: In which of the following phases of the interconnection life cycle as defined by NIST SP 800-47 does the participating organizations perform the following tasks Perform preliminary activities. Examine all relevant technical, security and administrative issues. Form an agreement governing the management, operation, and use of the interconnection.

Question112: Which of the following statements is true about residual risks

Question113: Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation Each correct answer represents a complete solution. Choose two.

Question114: You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well defined phases. In which of the following phases of NIST SP
800-37 C&A methodology does the security categorization occur

Question115: SIMULATION
Fill in the blank with the appropriate phrase. __________ provides instructions and directions for completing the Systems Security Authorization Agreement (SSAA).

Question116: The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer Each correct answer represents a complete solution. Choose all that apply.

Question117: Which of the following cooperative programs carried out by NIST encourages performance excellence among U.S. manufacturers, service companies, educational institutions, and healthcare providers

Question118: Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle

Question119: Which of the following acts assigns the Chief Information Officers (CIO) with the responsibility to develop Information Technology Architectures (ITAs) and is also referred to as the Information Technology Management Reform Act (ITMRA)

Question120: Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process

Question121: Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions

Question122: Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels

Question123: Which of the following firewall types operates at the Network layer of the OSI model and can filter data by port, interface address, source address, and destination address

Question124: Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document Each correct answer represents a complete solution.
Choose all that apply.

Question125: Which of the following types of CNSS issuances establishes criteria, and assigns responsibilities

Question126: Which of the following roles is also known as the accreditor

Question127: SIMULATION
Fill in the blank with an appropriate phrase. The ______________ process is used for allocating performance and designing the requirements to each function.

Question128: Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media

Question129: Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life

Question130: Which of the following are the ways of sending secure e-mail messages over the Internet Each correct answer represents a complete solution. Choose two.

Question131: Which of the following elements of Registration task 4 defines the system's external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system

Question132: Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls

Question133: What are the responsibilities of a system owner Each correct answer represents a complete solution.
Choose all that apply.

Question134: Which of the following are the phases of the Certification and Accreditation (C&A) process Each correct answer represents a complete solution. Choose two.

Question135: Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States

Question136: Which of the following documents is described in the statement below It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.

Question137: Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information

Question138: Which of the following responsibilities are executed by the federal program manager

Question139: Which of the following cooperative programs carried out by NIST conducts research to advance the nation's technology infrastructure

Question140: Which of the following tasks obtains the customer agreement in planning the technical effort

Question141: Which of the following individuals is an upper-level manager who has the power and capability to evaluate the mission, business case, and budgetary needs of the system while also considering the security risks

Question142: Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process

Question143: Which of the following elements are described by the functional requirements task Each correct answer represents a complete solution. Choose all that apply.

Question144: Which of the following agencies is responsible for funding the development of many technologies such as computer networking, as well as NLS

Question145: Which of the following are the functional analysis and allocation tools Each correct answer represents a complete solution. Choose all that apply.

Question146: Which of the of following departments protects and supports DoD information, information systems, and information networks that are critical to the department and the armed forces during the day-to-day operations, and in the time of crisis

Question147: You work as a security engineer for BlueWell Inc. According to you, which of the following statements determines the main focus of the ISSE process

Question148: Which of the following types of CNSS issuances establishes or describes policy and programs, provides authority, or assigns responsibilities

Question149: Which of the following CNSS policies describes the national policy on use of cryptomaterial by activities operating in high risk environments

Question150: Which of the following individuals reviews and approves project deliverables from a QA perspective

Question151: Which of the following approaches can be used to build a security program Each correct answer represents a complete solution. Choose all that apply.

Question152: You work as a systems engineer for BlueWell Inc. You want to communicate the quantitative and qualitative system characteristics to all stakeholders. Which of the following documents will you use to achieve the above task

Question153: Which of the following memorandums reminds the Federal agencies that it is required by law and policy to establish clear privacy policies for Web activities and to comply with those policies

Question154: Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those tempted to commit crimes by unauthorized access to computers

Question155: Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats

Question156: Which of the following elements of Registration task 4 defines the operating system, database management system, and software applications, and how they will be used

Question157: Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response.
Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created

Question158: FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed

Question159: Which of the following tasks describes the processes required to ensure that the project includes all the work required, and only the work required, to complete the project successfully

Question160: Which of the following individuals is responsible for the oversight of a program that is supported by a team of people that consists of, or be exclusively comprised of contractors

Question161: Which of the following email lists is written for the technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk

Question162: SIMULATION
Fill in the blanks with an appropriate phrase. A ________ is an approved build of the product, and can be a single component or a combination of components.

Question163: Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems

Question164: In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199 Each correct answer represents a complete solution.
Choose all that apply.

Question165: Which of the following is NOT an objective of the security program

Question166: Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment

Question167: Which of the following is the application of statistical methods to the monitoring and control of a process to ensure that it operates at its full potential to produce conforming product

Question168: Which of the following categories of system specification describes the technical, performance, operational, maintenance, and support characteristics for the entire system

Question169: Which of the following protocols is used to establish a secure terminal to a remote network device

Question170: TQM recognizes that quality of all the processes within an organization contribute to the quality of the product. Which of the following are the most important activities in the Total Quality Management Each correct answer represents a complete solution. Choose all that apply.

Question171: Which of the following organizations is a USG initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers

Question172: There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event

Question173: A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies Each correct answer represents a complete solution. Choose all that apply.

Question174: Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems

Question175: FIPS 199 defines the three levels of potential impact on organizations low, moderate, and high. Which of the following are the effects of loss of confidentiality, integrity, or availability in a high level potential impact

Question176: Which of the following security controls will you use for the deployment phase of the SDLC to build secure software Each correct answer represents a complete solution. Choose all that apply.

Question177: You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed

Question178: Which of the following agencies provides command and control capabilities and enterprise infrastructure to continuously operate and assure a global net-centric enterprise in direct support to joint warfighters, National level leaders, and other mission and coalition partners across the full spectrum of operations

Question179: Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming into fruition. What individual should respond to the risk with the preplanned risk response

Question180: Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation

Question181: Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system

Question182: Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard

Question183: DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability

Question184: Which of the following is the acronym of RTM

Question185: DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability

Question186: Which of the following tools demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators

Question187: Under which of the following CNSS policies, NIACAP is mandatory for all the systems that process USG classified information

Question188: The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase Each correct answer represents a complete solution. Choose all that apply.

Question189: According to which of the following DoD policies, the implementation of DITSCAP is mandatory for all the systems that process both DoD classified and unclassified information?

Question190: Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring process Each correct answer represents a complete solution. Choose all that apply.

Question191: Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data Each correct answer represents a complete solution. Choose all that apply.

Question192: Which of the following describes a residual risk as the risk remaining after a risk mitigation has occurred

Question193: What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process Each correct answer represents a complete solution. Choose all that apply.

Question194: Which of the following memorandums directs the Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing it

Question195: FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals

Question196: The risk transference is referred to the transfer of risks to a third party, usually for a fee, it creates a contractual-relationship for the third party to manage the risk on behalf of the performing organization.
Which one of the following is NOT an example of the transference risk response