Which of the following phases of DITSCAP includes the activities necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats a system faces throughout its life cycle?
A. Phase 1, Definition
B. Phase 3, Validation
C. Phase 4, Post-Accreditation
D. Phase 2, Verification
Which of the following roles is also known as the accreditor?
A. Data owner
B. Chief Information Officer
C. Chief Risk Officer
D. Designated Approving Authority
Risk transference is the transfer of risk to a third party, usually for a fee; it creates a contractual relationship in which the third party manages the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?
A. Warranties
B. Performance bonds
C. Use of insurance
D. Life cycle costing
Which of the following is a standard that sets basic requirements for assessing the effectiveness of the computer security controls built into a computer system?
A. SSAA
B. TCSEC
C. FIPS
D. FITSAF
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.
A. What is being secured
B. Who is expected to comply with the policy
C. Where is the vulnerability, threat, or risk
D. Who is expected to exploit the vulnerability
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or tool accepted by the National Security Agency for protecting sensitive, unclassified information in systems, as stated in Section 2315 of Title 10, United States Code?
A. Type I cryptography
B. Type II cryptography
C. Type III (E) cryptography
D. Type III cryptography
Which of the following memorandums reminds departments and agencies of the OMB principles for including and funding security as an element of agency information technology systems and architectures, and of the decision criteria used to evaluate security for information systems investments?
A. OMB M-00-13
B. OMB M-99-18
C. OMB M-00-07
D. OMB M-03-19
FIPS 199 defines three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of a loss of confidentiality, integrity, or availability at the high potential impact level?
A. The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions.
B. The loss of confidentiality, integrity, or availability might result in major financial losses.
C. The loss of confidentiality, integrity, or availability might result in a major damage to organizational assets.
D. The loss of confidentiality, integrity, or availability might result in severe harm to individuals, such as life-threatening injuries or loss of life.
Which of the following security controls will you use in the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.
A. Risk Adjustments
B. Security Certification and Accreditation (C&A)
C. Vulnerability Assessment and Penetration Testing
D. Change and Configuration Control
Which of the following organizations builds secure audio and video communications equipment, makes tamper-protection products, and provides trusted microelectronics solutions?
A. DTIC
B. NSA IAD
C. DIAP
D. DARPA