True or false the rmf - Study guides, Class notes & Summaries

Which of the following controls are part of the Risk Management Framework Step 4: Assess Security Controls? - ANSWER--Initiate RMF milestone plan -*Assess security controls* -*Develop and approve security assessment plan* -Assign qualified personnel to RMF roles The Department of Defense follows the DoD 8500 series documentation for Cybersecurity policy - ANSWER--*True* -False Within the Risk Management Framework, who can determine whether or not the system is approved to operate at an...

this legislation requires Federal agencies to develop document and implement an agency wide information security program - Answer- Clinger-Cohen What are the six steps of the RMF - Answer- Categorize Select Implement Assess Authorize Monitor What is the term used to evaluate operational information systems against the RMF, to determine the security controls in place and the requirements to mitigate risk at a acceptable level? - Answer- Gap Anaylsis What is the legal precedence - An...

___________________________ is a part of the U.S. Department of Commerce, and it includes an Information Technology Laboratory (ITL). - Answer- NIST National Institute of Standards and Technology. What does TIC stand for? - Answer- Trusted Internet Connection What does USA Patriot Act stand for? - Answer- United & Strengthening America by providing appropriate tools required to intercept and obstruct terrorism What does FISMA stand for? - Answer- Federal Information Security Management ...

CAP Test FedVTE The authorization decision document conveys the final security authorization decision from the authorizing official to the information system owner. The authorization decision document contains all of the following information except? A. Authorization decision B. Terms and conditions for the authorization C. Approving revisions to the SSAA D. Authorization termination date - C. Approving revisions to the SSAA Security categorization of an National Security ...

FedVTE CAP Exam 50 Questions with Verified Answers Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers? A. Employees B. Hackers C. Visitors D. Customers - CORRECT ANSWER A. Employees FISMA charges which one of the following agencies with the responsibility of overseeing the security policies and practices of all agencies of the executive branch of the Federal government? A. Office of Management an...

According to "The Common Sense Guide to Mitigating Insider Threats," which item is NOT a best practice to protect against the insider threat? (Identify countermeasures used to combat cyber threats) Make sure that only one person has access to critical passwords and certain classified information. Among the more complex technical areas comprising the Joint Information Environment implementation strategy is Data Center Consolidation. What is the purpose of such consolidation? (Identify t...

1. Name the reporting tool, which automates Agency FISMA reporting directly to the DHS. a) FISMA b) DHS Reporting Metrics c) Cyberscope d) Cyberstat - Answer- Correct answer: c) CyberScope. In OMB M-10-15, CyberScope was designated as the reporting tool for FISMA reporting. Incorrect answers: a) FISMA requires the reports; b) DHS Reporting Metrics indicate what must be reported; d) CyberStat refers to OMB's reviews 2. Which family of security controls is considered Tier 2? a) ...

Palo Alto (1-6) Test questions and answers_ 2021/2022. Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems? a. superuser b. custom role c. deviceadmin d. vsysadmin Which Next Generation VM Series Model requires a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity? Select one: a. VM-700 b. VM-500 c. VM-100 d. VM-50 On the Next Generation firewall, a commit lock blocks other administrator...

C A security program alerts you of a failed logon attempt to a secure system. On investigation, you learn the system's normal user accidentally had caps lock turned on. What kind of alert was it? A. True positive B. True negative C. False positive D. False negative A Your security policy calls for the company's financial data archive to have its confidentiality, integrity, availability, and accountability protected. Presently it's stored on two redundant servers protected by st...

1. List the 3 security objectives under FISMA. a) Confidentiality, Integrity, Authentication b) Confidentiality, Integrity, Availability c) Containment, Integrity, Availability d) Confidentiality, Impact, Availability - Answer- Correct answer: b) Confidentiality, Integrity, Availability FISMA 2002, Section 3542 states: "The term 'information security' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction...