The Actual Exam Version included actual exam questions verified by IT Experts. We verified questions and updated frequently each month and also based on members’ feedback to keep updating with the real exam. We are offering money back immediately if questions in our Actual Exam Version do not appear in your exam. Highly recommend you take the Actual Exam Version then go to the exam as soon as possible.
QUESTION NO: 1
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed
A. Level 4
B. Level 5
C. Level 1
D. Level 2
E. Level 3
QUESTION NO: 2
Which of the following is a type of security management for computers and networks in order to identify security breaches
QUESTION NO: 3
Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter
A. Stateless packet filter firewall
B. PIX firewall
C. Stateful packet filter firewall
D. Virtual firewall
QUESTION NO: 4
Which of the following federal laws is designed to protect computer data from theft
A. Federal Information Security Management Act (FISMA)
B. Computer Fraud and Abuse Act (CFAA)
C. Government Information Security Reform Act (GISRA)
D. Computer Security Act
QUESTION NO: 5
Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media
QUESTION NO: 6
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one
A. Configuration Item Costing
B. Configuration Identification
C. Configuration Verification and Auditing
D. Configuration Status Accounting
QUESTION NO: 7
Which of the following professionals is responsible for starting the Certification & Accreditation
A. Authorizing Official
B. Information system owner
C. Chief Information Officer (CIO)
D. Chief Risk Officer (CRO)
QUESTION NO: 8
Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space?
A. Internet Protocol Security (IPSec)
B. Common data security architecture (CDSA)
C. File encryptors
D. Application program interface (API)
QUESTION NO: 9
Which of the following protocols is used to establish a secure terminal to a remote network device
QUESTION NO: 10
Which of the following elements of Registration task 4 defines the system’s external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system
A. System firmware
B. System software
C. System interface
D. System hardware
QUESTION NO: 11
Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information
A. Federal Information Processing Standard (FIPS)
B. Special Publication (SP)
C. NISTIRs (Internal Reports)
D. DIACAP by the United States Department of Defense (DoD)
QUESTION NO: 12
Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system
A. Security Control Assessment Task 4
B. Security Control Assessment Task 3
C. Security Control Assessment Task 1
D. Security Control Assessment Task 2
QUESTION NO: 13
Which of the following professionals plays the role of a monitor and takes part in the organization’s configuration management process
A. Chief Information Officer
B. Authorizing Official
C. Common Control Provider
D. Senior Agency Information Security Officer
QUESTION NO: 14
Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls
A. Certification and accreditation (C&A)
B. Risk Management
C. Information systems security engineering (ISSE)
D. Information Assurance (IA)
QUESTION NO: 15
The Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase Each correct answer represents a complete solution. Choose all that apply.
A. Security operations
B. Continue to review and refine the SSAA
C. Change management
D. Compliance validationE. System operations
F. Maintenance of the SSAA
QUESTION NO: 16
Which of the following email lists is written for the technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk
A. Cyber Security Tip
B. Cyber Security Alert
C. Cyber Security Bulletin
D. Technical Cyber Security Alert
QUESTION NO: 17
Which of the following tasks obtains the customer agreement in planning the technical effort
A. Task 9
B. Task 11
C. Task 8
D. Task 10
A. NIST Special Publication 800-59
B. NIST Special Publication 800-60
C. NIST Special Publication 800-37A
D. NIST Special Publication 800-37
E. NIST Special Publication 800-53
F. NIST Special Publication 800-53A
QUESTION NO: 19
Which of the following elements are described by the functional requirements task Each correct answer represents a complete solution. Choose all that apply.
QUESTION NO: 20
Which of the following documents is defined as a source document, which is most useful for the
ISSE when classifying the needed security functionality
A. Information Protection Policy (IPP)
C. System Security Context
QUESTION NO: 21
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability
A. MAC I
B. MAC II
C. MAC IV
QUESTION NO: 22
What are the responsibilities of a system owner Each correct answer represents a complete solution. Choose all that apply.
A. Integrates security considerations into application and system purchasing decisions and development projects.
B. Ensures that the necessary security controls are in place.
C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.
QUESTION NO: 23
Which of the following Registration Tasks sets up the business or operational functional description and system identification
A. Registration Task 2
B. Registration Task 1
C. Registration Task 3
D. Registration Task 4
QUESTION NO: 24 CORRECT TEXT
Fill in the blank with an appropriate section name. ______is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.
QUESTION NO: 25
Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems
A. National Security AgencyCentral Security Service (NSACSS)
B. National Institute of Standards and Technology (NIST)
C. United States Congress
D. Committee on National Security Systems (CNSS)
QUESTION NO: 26
Which of the following statements is true about residual risks
A. It can be considered as an indicator of threats coupled with vulnerability.
B. It is a weakness or lack of safeguard that can be exploited by a threat.
C. It is the probabilistic risk after implementing all security measures.
D. It is the probabilistic risk before implementing all security measures.
QUESTION NO: 27
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD Each correct answer represents a complete solution. Choose all that apply.
A. DC Security Design & Configuration
B. EC Enclave and Computing Environment
C. VI Vulnerability and Incident Management
D. Information systems acquisition, development, and maintenance
QUESTION NO: 28
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation Each correct answer represents a complete solution. Choose two.
A. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
B. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
C. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
QUESTION NO: 29
Which of the following protocols is built in the Web server and browser to encrypt data traveling over the Internet
QUESTION NO: 30
Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented
A. Configuration verification and audit
B. Configuration control
C. Configuration status accounting
D. Configuration identification