FITSP-M Knowledge Check Exam UPDATED
ACTUAL QUESTIONS AND CORRECT
ANSWERS
What is the main function of Step 1 in the RMF? - CORRECT ANSWER Categorize
the information system and the information processed, stored, and transmitted by that system
based on an impact analysis
During which step and task are the security control weaknesses and deficiencies addressed? -
CORRECT ANSWER Assess - using an POAM by the assessor
What types of remediation actions can be utilized? - CORRECT ANSWER Accept
Reject
Share
Transfer
Remediate
Which document provides a policy framework for information resources management across
the Federal government? - CORRECT ANSWER OMB Circular A-130 p. 58
Name an initiative to create security configuration baselines for Information Technology
products widely deployed across the federal agencies. - CORRECT ANSWER US
Government Configuration Baseline (USGCB) p. 80
Agencies required to adhere to DHS' direction to report data through this automated tool.
What is a the required frequency of these data feeds? - CORRECT
ANSWER CyberScope - Monthly data feeds p. 78 & 97
Which two NIST Special Publications provide management overview and risk assessment
guidance on risk management? - CORRECT ANSWER SP 800-30 - Guide for
Conducting Risk Assessments
, SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information
Systems View
P. 133
What are the four components of the new Risk Management Model? - CORRECT
ANSWER Frame risk
Assess risk
Respond to risk one determined
Monitor risk on an ongoing basis
P. 130
Give an example of Tier 1 risk - CORRECT ANSWER Strategic Risk
Legal Risk
Compliance Risk
Financial Risk
Reputation Risk
Environment Risk
P. 149
Which phase of the SLDC should define security requirements? - CORRECT
ANSWER Initiation p. 140
What establishes the scope of protection for organizational information systems? -
CORRECT ANSWER Something?
Dynamic Subsystem - CORRECT ANSWER A subsystem that is not continually
present during the execution phase of an information system. Service-oriented architectures
and cloud computing architectures are examples of architectures that employ dynamic
subsystems.
ACTUAL QUESTIONS AND CORRECT
ANSWERS
What is the main function of Step 1 in the RMF? - CORRECT ANSWER Categorize
the information system and the information processed, stored, and transmitted by that system
based on an impact analysis
During which step and task are the security control weaknesses and deficiencies addressed? -
CORRECT ANSWER Assess - using an POAM by the assessor
What types of remediation actions can be utilized? - CORRECT ANSWER Accept
Reject
Share
Transfer
Remediate
Which document provides a policy framework for information resources management across
the Federal government? - CORRECT ANSWER OMB Circular A-130 p. 58
Name an initiative to create security configuration baselines for Information Technology
products widely deployed across the federal agencies. - CORRECT ANSWER US
Government Configuration Baseline (USGCB) p. 80
Agencies required to adhere to DHS' direction to report data through this automated tool.
What is a the required frequency of these data feeds? - CORRECT
ANSWER CyberScope - Monthly data feeds p. 78 & 97
Which two NIST Special Publications provide management overview and risk assessment
guidance on risk management? - CORRECT ANSWER SP 800-30 - Guide for
Conducting Risk Assessments
, SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information
Systems View
P. 133
What are the four components of the new Risk Management Model? - CORRECT
ANSWER Frame risk
Assess risk
Respond to risk one determined
Monitor risk on an ongoing basis
P. 130
Give an example of Tier 1 risk - CORRECT ANSWER Strategic Risk
Legal Risk
Compliance Risk
Financial Risk
Reputation Risk
Environment Risk
P. 149
Which phase of the SLDC should define security requirements? - CORRECT
ANSWER Initiation p. 140
What establishes the scope of protection for organizational information systems? -
CORRECT ANSWER Something?
Dynamic Subsystem - CORRECT ANSWER A subsystem that is not continually
present during the execution phase of an information system. Service-oriented architectures
and cloud computing architectures are examples of architectures that employ dynamic
subsystems.
