100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
FITSP-A Module 3 Questions & ANSWERS!! $13.49   Add to cart

Exam (elaborations)

FITSP-A Module 3 Questions & ANSWERS!!

 3 views  0 purchase
  • Course
  • FITSP-A
  • Institution
  • FITSP-A

. What elements are components of an information system? a) Hardware and software b) Interconnected systems c) People d) All of the above - ANSWER Correct answer: d) All of the above OMB Circular A-130, App ill: "A system normally includes hardware, software, information, data, applications, c...

[Show more]

Preview 2 out of 15  pages

  • August 19, 2024
  • 15
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • fitsp a module 3
  • fitsp a
  • FITSP-A
  • FITSP-A
avatar-seller
shantelleG
FITSP-A Module 3 Questions &
ANSWERS!!
1. What elements are components of an information system?

a) Hardware and software

b) Interconnected systems

c) People

d) All of the above - ANSWER Correct answer: d) All of the above

OMB Circular A-130, App ill: "A system normally includes hardware, software, information, data,
applications, communications, and people.'

Incorrect answers: The individual choices alone do not constitute a system. Information systems must be
considered in a holistic manner.



2. What are some of the threats that the information system faces?

a) Environmental disruptions

b) Human errors

c) Cyber-attacks

d) All of the above - ANSWER Correct answer: d) All of the above

NIST SP 800-39r1, p. 1: "Threats to information and information systems can include purposeful attacks,
environmental disruptions, and human/machine errors and result in great harm to the national and
economic security interests of the United States.

Incorrect answers: The individual choices alone do not cover all the threats that must be considered in
protecting systems



SDLC - ANSWER System Development Life Cycle

The five phases, as described in SP 800-64 are Initiation,

Development/Acquisition, Implementation, Operations/Maintenance, and Disposal.

( I D/A I O/M D )

, 3. During what phase of the SDLC should the organization consider the security requirements (mark all
that apply)?

a) Initiation Phase / Development / Acquisition Phase

b) Implementation Phase

c) Operation / Maintenance Phase



NIST SP 800-39, Appendix D defines roles and responsibilities of information security personnel.
Paragraphs D.5 & D.6 state that the SISO and AO have inherent U.S. Government authority and so must
be assigned to government personnel.



Incorrect answers: The other two positions are also addressed in SP 800-39, but do not have inherent
U.S. Government authority.



8. Place the 4 components of risk management in the correct order.



a) Monitor

b) Frame

c) Respond

d) Assess - ANSWER Correct answer: b), d), c), a). (FARM)



NIST SP 800-39, Paragraph 2.1 states: "Risk management is a comprehensive process that requires
organizations to: (i) frame risk (i.e., establish the context for risk-based decisions); (ii) assess risk; (iii)
respond to risk once determined; and (iv) monitor risk on an ongoing basis using effective organizational
communications and a feedback loop for continuous improvement in the risk-related activities of
organizations."



Incorrect answers: Other orders are incorrect based on SP 800-39.



9. The following are the possible outcomes of the Authorization Decision (mark all that apply):



a) Authorization to Operate

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller shantelleG. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81989 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.49
  • (0)
  Add to cart