QUESTIONS AND CORRECT ANSWERS
The Privacy Act of 1974 established policy objectives to protect... - CORRECT
ANSWER Personally Identifiable Information (PII)
Four Objectives:
-Restrict Disclosure
-Increased rights of access to agency records
-Grant individuals the right to seek amendment
-Establish a code of fair information practices
The Paperwork Reduction Act of 1980 granted... - CORRECT ANSWER OMB
responsibility for creating Policies, helping other agencies comply with federal mandates.
(think: Paper / Policies)
Computer Fraud and Abuse Act of 1986 is.... - CORRECT ANSWER Intended to
reduce cracking of computer systems and to address Federal computer related offenses
Computer Security Act of 1987 - CORRECT ANSWER -Assigned NIST to create
security standards/guidelines
-Required security policies and security plans
-Mandated security training
-Superseded by FISMA (OMB (creates policies) and DHS (enforces/implements)).
The Clinger-Cohen Act (Information Technology Reform Act of 1996).... - CORRECT
ANSWER -Implemented The Capital Planning Investment Control (CPIC) IT budget
planning process
-Granted the Director of OMB oversight of acquisitions
-Established CIO positions in every Federal department and agency
-Defined Federal Enterprise Architecture
-Requires annual reporting to Congress
(Think C's)
The Cybersecurity Protection Act of 2014 - CORRECT ANSWER Amends the
Homeland Security Act of 2002 to establish a national cybersecurity and communications
integration center in the Department of Homeland Security (DHS) to carry out the
responsibilities of the DHS Under Secretary responsible for overseeing critical infrastructure
protection, cybersecurity, and related DHS programs.
The USA PATRIOT Act of 2001... - CORRECT ANSWER "Uniting and Strengthening
America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act"
-Amended the definition of electronic surveillance
-Created law enforcement initiatives to forestall and respond to threats against the US
The USA PATRIOT Act redefined money laundering to include - CORRECT
ANSWER -Making a financial transaction in the US to commit a crime
-Bribery of public officials and fraudulent use of public funds
-Smuggling or illegal export of controlled munitions
-Smuggling of any item controlled under export regulations
Cyber Security Workforce Act requires agencies to... - CORRECT ANSWER
-Classify/identify cybersecurity positions
-Identify employees with cybersecurity training/certifications
The NICE (National Initiative for Cyber Security Education) is... - CORRECT
ANSWER -Operated by NIST
-A partnership between government, academia, and the private sector
-Focused on cybersecurity education, training, and workforce development.
Who sets policy and determines reporting frequency? - CORRECT ANSWER OMB
Who publishes Standards (if required) and Guidelines for OMB policies? - CORRECT
ANSWER NIST
What agency is tasked with implementation, oversight and monitoring against established
policies, standards, and guidelines? - CORRECT ANSWER DHS
What agency determines the FISMA metrics (as directed by OMB)? - CORRECT
ANSWER DHS
What two types of documents does OMB publish? - CORRECT ANSWER
-Circulars (A-###)
-Memorandum (M-FY-##)
How long are OMB Circulars in effect? - CORRECT ANSWER Two or more years
(circulars have longer lives than memoranda).
OMB Circular A-130, Managing Information as a Strategic Resource - CORRECT
ANSWER -Establishes policy for the management of Federal information resources
-Appendix III, Security of Federal Automated Information Resources
-Requires accreditation of Federal Information Systems to operate according to assessment of
management, operational, and technical controls
OMB Circular A-130 Section III - CORRECT ANSWER Applies Government Wide
and mandates security ASSESSMENTS & AUTHORIZATIONS every 3 years (unless
continuous monitoring is in place)
What metric based reporting, which changes every year based on evolving threats and
vulnerabilities, is required to be submitted to DHS and at what frequency? - CORRECT
ANSWER Cyberscope, which is submitted monthly