FITSP OPERATOR STUDY SET
QUESTIONS AND ANSWERS WITH
COMPLETE SOLUTIONS 100%
CORRECT RATED A+
Question 1
What is the core purpose of FIPS 199 within federal information systems?
ANSWER: It establishes the standards for security categorization of information
and information systems based on potential impact levels across three security
objectives: Confidentiality, Integrity, and Availability. ✔✔
Question 2
What are the consecutive steps that comprise the NIST Risk Management
Framework (RMF)?
ANSWER: Prepare, Categorize, Select, Implement, Assess, Authorize, and
Monitor. ✔✔
Question 3
What mandate does FISMA impose on federal agencies regarding cybersecurity
governance?
ANSWER: It requires federal agencies to develop, document, and implement an
agency-wide information security program, which includes mandatory annual
reporting on its effectiveness. ✔✔
Question 4
What are the five core functions that make up the structural framework of the NIST
Cybersecurity Framework?
ANSWER: Identify, Protect, Detect, Respond, and Recover. ✔✔
Question 5
What is the primary objective of the Privacy Act of 1974 regarding data handling?
ANSWER: To protect personally identifiable information (PII) held by federal
agencies by requiring a legitimate, valid justification for its collection,
maintenance, and retention. ✔✔
Question 6
How does a digital signature ensure both message integrity and non-repudiation?
ANSWER: It utilizes a cryptographic mechanism where a sender signs a message
or hash using their private key, proving the identity of the sender and verifying that
the data has not been altered. ✔✔
Question 7
What policy framework is established by OMB Circular A-130?
ANSWER: It provides the governing policy and guidelines for managing federal
information resources, specifically focusing on the integration of security and
privacy protections. ✔✔
Symmetric vs Asymmetric Encryption -ANSWER ✔✔Symmetric uses the same
key for encryption and decryption; asymmetric uses a public/private key pair.
FIPS 199 Impact Levels -ANSWER ✔✔Low, Moderate, High.
SP 800-53A -ANSWER ✔✔Methods for assessing the effectiveness of security
controls.
CIA Triad -ANSWER ✔✔Confidentiality, Integrity, Availability.
SP 800-88 -ANSWER ✔✔Media sanitization - clearing, purging, and destruction.
HSPD-12 -ANSWER ✔✔Common Identification Standard for Federal Employees.
SCAP -ANSWER ✔✔Security Content Automation Protocol.
FIPS 140-2 -ANSWER ✔✔Cryptographic module standards.
FIPS 200 -ANSWER ✔✔Minimum security requirements for federal information
systems.
SP 800-122 -ANSWER ✔✔Guide to protecting confidentiality of PII.
Risk Avoidance -ANSWER ✔✔Proactively eliminating risk by avoiding related
activities.
Risk Rejection -ANSWER ✔✔Ignoring or dismissing the existence of a risk.
Cold Site -ANSWER ✔✔A low-cost disaster recovery site with no pre-installed
equipment.
Hot Site -ANSWER ✔✔A high-cost disaster recovery site with pre-installed
equipment for rapid recovery.