FITSP-M KNOWLEDGE CHECK
QUESTIONS AND ANSWERS WITH
COMPLETE SOLUTIONS 100%
CORRECT RATED A+
Question 1 What is the primary function of Step 1 in the NIST Risk
Management Framework (RMF)?
ANSWER: To categorize the information system and the information
processed, stored, and transmitted by that system based on an analysis of
potential organizational impact. ✔✔
Question 2 During which specific RMF step and associated task are security
control weaknesses and deficiencies officially tracked and addressed?
ANSWER: The Assess step, in its Plan of Action and Milestones task (Task A-6
in NIST SP 800-37 Rev. 2). Weaknesses and deficiencies that the assessor
identifies and that are not remediated immediately are documented in a Plan of
Action and Milestones (POA&M), which records the planned corrective actions
and their milestones; the POA&M is then kept current during the Monitor step.
✔✔
Question 3 What distinct types of risk response actions can an organization
utilize to address identified security risks?
ANSWER: Per NIST SP 800-39, the risk response options are Accept, Avoid,
Mitigate, Share, and Transfer (avoiding a risk is sometimes informally called
rejecting it, and mitigating it remediating it). ✔✔
Question 4 Which specific document establishes the baseline policy framework
for information resources management across Federal Executive Branch agencies?
ANSWER: OMB Circular A-130, Managing Information as a Strategic Resource ✔✔
Question 5 Name an initiative to create security configuration baselines for
Information Technology products widely deployed across the federal agencies.
ANSWER: US Government Configuration Baseline (USGCB) (p. 80) ✔✔
Question 6 Agencies are required to adhere to DHS direction to report FISMA
data through this automated tool. What is the tool, and what is the required
frequency of its data feeds?
ANSWER: CyberScope; monthly data feeds (pp. 78 and 97) ✔✔
Question 7 Which two NIST Special Publications provide management overview
and risk assessment guidance on risk management?
ANSWER: SP 800-30, Guide for Conducting Risk Assessments, and SP 800-39,
Managing Information Security Risk: Organization, Mission, and Information
Systems View (p. 133) ✔✔
Question 8 What are the four components of the risk management process
defined in SP 800-39?
ANSWER: Frame risk; Assess risk; Respond to risk once determined; Monitor
risk on an ongoing basis (p. 130) ✔✔
Question 9 Give an example of a Tier 1 (organization-level) risk.
ANSWER: Strategic risk, legal risk, compliance risk, financial risk,
reputation risk, or environmental risk (p. 149) ✔✔