True or false the rmf - Study guides, Class notes & Summaries

According to a 2013 Pricewaterhouse/ CSO Magazine/Us Secret Service/Carnegie Mellon survey, about what percentage of electronic crime events are caused by insiders - ️️--> 20-25% 5-10% Greater than 80% About 60% Less than 5% The DoD instruction that definitively defines cybersecurity is - ️️-->DoDI 8500.01, signed in March of 2014 Interium DoDI 5000.2 NIST Special Publication 800-145 Federal Information Systems Management Act (FISMA) USC Title 40. Clinger Cohen Act The...

What is the first step in applying the RMF? correct answers Categorize the information system and the information processed All of the following are risk treatments in different frameworks except? correct answers Ignore Which of the following is NOT one of the components of the COSO framework? correct answers Meeting stakeholder needs Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable, robust, and detailed? correct answers se...

DoD's official site for enterprise RMF policy and implementation guidelines is: (Identify the Systems-Level Continuous Monitoring Strategy) - ️️The Risk Management Framework (RMF) Knowledge Service (KS) Suggested best practices to reduce security risks in the supply chain include: (Select all that apply) (Identify the importance of software assurance and supply chain risk management as part of cybersecurity bests practices) - ️️Select trusted suppliers Assess product security over...

How many phases are there in RMF? Correct Answer 6 How often do you assess a system? Correct Answer Annually The authorizing official has to approve at Step 1 categorization step. (T or F) Correct Answer True The system security plan must be signed by the authorizing official. (T or F) Correct Answer True The system security plan must be signed by the authorizing official prior to authorization to operate. (T or F) Correct Answer True Authorization to operate can be allocated up t...

Which of the following documents do NOT give specific guidance on selecting or defining security controls? - Answer DOD 5220.22-M Impact values are assigned based on - Answer Potential harm to the nation, organizations, mission, or individuals Who has responsibility for determining which security controls apply to an information system? - Answer Common Control Provider Information Security Architect - incorrect Chief Information Officer or Senior Information Security Officer All of t...

SFPC SPED STUDY SET TEST V2 2024/2025 What specifies classification levels, special requirements, and declassification instructions for classified programs, projects, and plans? - CORRECT ANSWERSecurity Classification Guide Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)? A)When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a diffe...

SFPC SPED STUDY SET TEST V2 2024/2025 What specifies classification levels, special requirements, and declassification instructions for classified programs, projects, and plans? - CORRECT ANSWERSecurity Classification Guide Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)? A)When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a diffe...

FedVTE CAP Exam 50 Questions with Verified Answers Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers? A. Employees B. Hackers C. Visitors D. Customers - CORRECT ANSWER A. Employees FISMA charges which one of the following agencies with the responsibility of overseeing the security policies and practices of all agencies of the executive branch of the Federal government? A. Office of Management an...

CLE 074 Exam Study Guide with Complete Solutions The key governance in Tier 3 of the risk management hierarchy is the Authorizing Official; in Tier 2, the Principal Authorizing Official; in Tier 1, the DoD Chief Information Officer - Answer---> True False The Security Plan is initiated at Step One of the RMF process and used in all subsequent steps EXCEPT: - Answer--->Step Four, Assess Security Controls Step Two, Select Security Controls Step Six, Monitor Security Controls, Step ...

The key governance in Tier 3 of the risk management hierarchy is the Authorizing Official; in Tier 2, the Principal Authorizing Official; in Tier 1, the DoD Chief Information Officer → --> True False The Security Plan is initiated at Step One of the RMF process and used in all subsequent steps EXCEPT: → -->Step Four, Assess Security Controls Step Two, Select Security Controls Step Six, Monitor Security Controls, Step Five, Authorize Security Controls Step Three, Implement S...