FITSP - AUDITOR QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS ALREADY PASSED!!!
Question 1 Which legislation mandates that federal agencies establish explicit capital planning and investment control processes when purchasing information technology?
a) E-Government Act of 2002
b) Federal Information Security Management Act (FISMA)
c) Government Information Security Reform Act (GISRA)
d) Clinger-Cohen Act
ANSWER: d) Clinger-Cohen Act ✔✔
Question 2 Which statutory act mandates that federal departments and agencies appoint a Chief Information Officer (CIO)?
a) E-Government Act of 2002
b) Federal Information Security Management Act (FISMA)
c) Government Information Security Reform Act (GISRA)
d) Clinger-Cohen Act
ANSWER: d) Clinger-Cohen Act ✔✔
Question 3 Which piece of legislation dictates that federal agencies must design, document, and execute a comprehensive, agency-wide information security program?
a) E-Government Act of 2002, Section 208
b) Federal Information Security Management Act (FISMA)
c) Government Information Security Reform Act (GISRA)
d) Clinger-Cohen Act
ANSWER: b) Federal Information Security Management Act (FISMA) ✔✔
Question 4 The following legislation requires federal agencies to prepare Privacy Impact Assessments (PIAs) when developing or procuring new information technology:
a) E-Government Act of 2002, Section 208
b) Federal Information Security Management Act (FISMA)
c) Privacy Act of 1974
d) Clinger-Cohen Act
ANSWER: a) E-Government Act of 2002, Section 208 ✔✔
Question 5 The following legislation requires each agency with an Inspector General to conduct an annual evaluation of the agency's information security program, or to appoint an independent external auditor to conduct the evaluation on its behalf:
a) E-Government Act of 2002, Title I
b) Federal Information Security Management Act (FISMA)
c) Government Information Security Reform Act (GISRA)
d) Clinger-Cohen Act
ANSWER: b) Federal Information Security Management Act (FISMA) ✔✔
Question 6 The Secretary of what department or agency was delegated the responsibility by FISMA to prescribe standards and guidelines pertaining to federal information systems, to improve the efficiency of operation or security of Federal information systems:
a) Department of Homeland Security (DHS)
b) Defense Department
c) Commerce Department
d) National Security Agency
ANSWER: ✔✔
Question 7 The following OMB guidance established the requirement for federal agencies to review the security controls in each system when significant modifications are made to the system, or at least every three years. This guidance also requires federal agencies to re-authorize information systems every three years.
a) OMB Circular No. A-123, Management Accountability and Control
b) OMB Circular No. A-130, Appendix III, Security of Federal Automated Information Resources
c) OMB Circular No. A-127, Financial Management Systems
d) OMB Circular No. A-136, Financial Management Reporting Requirements
ANSWER: b) OMB Circular No. A-130, Appendix III, Security of Federal Automated Information Resources ✔✔
Question 8 The Federal Information Security Modernization Act of 2014 (FISMA 2014) formally assigns information security responsibilities to which of the following agencies/departments (select two):
a) Commerce
b) DHS
c) Justice
d) OMB
ANSWER: b) DHS and d) OMB ✔✔
Question 9 What is the required frequency of FISMA reporting feeds for CFO Act agencies?
a) Monthly
b) Quarterly
c) Semi-annually
d) Annually
ANSWER: a) Monthly ✔✔
Question 10 Which law directed the Secretary of Health and Human Services to develop standards for protecting electronic health information?
a) ARRA
b) HITECH
c) HIPAA
d) ePHI
ANSWER: c) HIPAA ✔✔
Question 11 Current regulations still require the re-authorization of Federal information systems at least every three years.
a) True
b) False
ANSWER: b) False ✔✔
Question 12 As part of monitoring the security posture of agency desktops, OMB requires Federal agencies to use vulnerability scanning tools that leverage the ____ protocol.
a) SNMP
b) SMTP
c) SCAP
d) LDAP
ANSWER: c) SCAP ✔✔
Question 13 Following the loss of 26 million records containing PII at the Department of Veterans Affairs, OMB released M-06-16, Protection of Sensitive Agency Information. This memo required all of the following except:
a) Encryption of all data on mobile computers/devices
b) Permitting remote access only with two-factor authentication, for which one factor is provided by a device separate from the computer gaining access
c) Use of a "time-out" function for remote access and mobile devices, requiring user reauthentication after 30 minutes of inactivity
d) Encryption of all server backup tapes
ANSWER: d) Encryption of all server backup tapes ✔✔