Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?
A. Employees
B. Hackers
C. Visitors
D. Customers
A. Employees
FISMA charges which one of the following agencies with the responsibility of overseeing the security policies and practices of all agencies of the executive branch of the Federal government?
A. Office of Management and Budget (OMB)
B. National Institute of Standards and Technology (NIST)
C. National Security Agency (NSA)
D. Department of Justice
A. Office of Management and Budget (OMB)
Which one of the following publications provides details of the monitoring security control?
A. NIST SP 800-53
B. NIST SP 800-42
C. NIST SP 800-37
D. NIST SP 800-41
C. NIST SP 800-37
Which of the following statements about Discretionary Access Control List (DACL) is true?
A. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
C. It is a unique number that identifies a user, group, and computer account.
D. It is a rule list containing access control entries.
A. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
FIPS Publication 199 defines three levels of potential impact to the compromise of confidentiality, integrity, and availability. These levels are:
A. Minimum, Normal, Maximum
B. Low, Moderate, High
C. Unclassified, Confidential, Secret
D. Confidential, Secret, Top Secret
B. Low, Moderate, High
Which of the following individuals is responsible for monitoring the information system environment that can negatively impact the security of the system and its accreditation?
A. Chief Information Security Officer
B. Chief Information Officer
C. Chief Risk Officer
D. Information System Owner
D. Information System Owner
Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?
A. Senior Agency Information Security Officer
B. Authorizing Official
C. Common Control Provider
D. Chief Information Officer
C. Common Control Provider
Which of the following is not a standard phase in the System Authorization Process?
A. Pre-certification
B. Post-authorization
C. Post-certification
D. Certification
C. Post-certification
What is the potential impact if the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States?
A. Low
B. Moderate
C. High
D. Limited
A. Low
An assessment procedure consists of a set of which things, each with an associated set of potential assessment methods and assessment objects?
A. Assessment objectives
B. Security controls
C. Operational requirements
D. Assessment objects
A. Assessment objectives
This process is used to determine if the security controls in the information system continue to be effective over time in light of the inevitable changes that occur in the system as well as the environment in which the system operates between authorization decisions.
A. Continuous monitoring
B. Configuration management
C. Vulnerability assessment
D. Certification and accreditation
A. Continuous monitoring
Whom does an organization require to conduct an impartial assessment of the security controls employed within or inherited by an information system?
A. Vendor assessor
B. Technical expert
C. Authorization assessor
D. Independent assessor
D. Independent assessor
Which of the following NIST documents provides a guideline for identifying an information system as a National Security System?
A. NIST SP 800-59
B. NIST SP 800-53
C. NIST SP 800-60
D. NIST SP 800-37
A. NIST SP 800-59
Subsequent to a security breach, which of the following techniques are used with the intention of limiting the extent of the damage caused by the incident?
A. Corrective controls
B. Preventive controls
C. Change controls
D. Incident controls
A. Corrective controls
What process should be initiated when changes to the information system negatively impact the security of the system or when a period of time has elapsed as specified by agency or federal policy?
A. IS audit
B. Systems acquisition
C. Reauthorization
D. Reclassification of data
C. Reauthorization
Which of the following documents can best aid in selecting the controls to be monitored?
A. NIST SP 800-37
B. FISMA
C. FIPS 199
D. NIST SP 800-18
C. FIPS 199
Applying the first three steps of the RMF to legacy systems can be viewed as what kind of activity, used to determine whether the necessary and sufficient security controls have been appropriately selected and allocated?
A. Sequential
B. Level of effort
C. Gap analysis
D. Common control
C. Gap analysis
Under which type of access control does a user ID and password system fall?
A. Physical
B. Administrative
C. Power
D. Technical
D. Technical
Which role in the security authorization process is responsible for organizational information systems?
A. IS program manager
B. Designated authorizing official
C. Certification agent
D. User representative
B. Designated authorizing official