FITSP-MANAGER Exam (Verified Exam): Most Recent Actual Complete Real Exam Questions and Correct Answers (Verified Answers), Already Graded A+, Newest Exam
The following OMB guidance established the requirement for federal agencies to review the security controls in each system when significant modifications are made to the system, but at least every three years. This guidance also requires federal agencies to re-authorize information systems every three years. - Answer-OMB Circular No. A-130, Appendix III, Security of Federal Automated Information Resources
As part of monitoring the security posture of agency desktops, OMB requires federal agencies to use vulnerability scanning tools that leverage the ________ protocol. - Answer-SCAP
Following the loss of 26 million records containing PII at the Department of Veterans Affairs, OMB released M-06-16, Protection of Sensitive Agency Information. This memo required all of the following EXCEPT: - Answer-Encryption of all server backup tapes
This Homeland Security Presidential Directive requires all federal agencies to adopt a standard, government-wide card to reduce identity fraud, protect personal privacy, and provide for authentication. This directive was called: - Answer-HSPD-12 - Common Identification Standard
Current regulations still require the re-authorization of federal information systems at least every three years. - Answer-True
What elements are components of an information system? - Answer-Hardware and software, Interconnected systems, People
What is the main consideration in determining the scope of authorization for information systems? - Answer-System Boundaries
Which approach involves continually balancing the protection of agency information and assets with the cost of security controls and mitigation strategies? - Answer-Risk Management Approach
What establishes the scope of protection for organizational information systems? - Answer-System Boundaries
List the 7 steps of the RMF process. - Answer-Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor
During what phase of the SDLC should the organization consider the security requirements? - Answer-Initiation Phase / Development/Acquisition Phase
Security reauthorizations are conducted during which phase of the SDLC? - Answer-Operations/Maintenance
What NIST Special Publication superseded the original Special Publication 800-30 as the primary source for guidance on risk management? - Answer-SP 800-39
Applying the first three steps in the RMF to legacy systems can be viewed as a ____________________________ to determine if the necessary and sufficient security controls have been