Which of the following assessment methodologies defines a six-step technical security evaluation
A. FITSAF
B. OCTAVE
C. FIPS 102
D. DITSCAP
You work as a security engineer for BlueWell Inc. You are working on the ISSE model. In which of the following phases of the ISSE model is the system defined in terms of what security is needed
A. Define system security architecture
B. Develop detailed security design
C. Discover information protection needs
D. Define system security requirements
Which of the following responsibilities are executed by the federal program manager
A. Ensure justification of expenditures and investment in systems engineering activities.
B. Coordinate activities to obtain funding.
C. Review project deliverables.
D. Review and approve project plans.
Which of the following acts promote a risk-based policy for cost effective security Each correct answer represents a part of the solution. Choose all that apply.
A. Clinger-Cohen Act
B. Lanham Act
C. Paperwork Reduction Act (PRA)
D. Computer Misuse Act
Which of the following cooperative programs carried out by NIST provides a nationwide network of local centers offering technical and business assistance to small manufacturers
A. NIST Laboratories
B. Advanced Technology Program
C. Manufacturing Extension Partnership
D. Baldrige National Quality Program
The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series Each correct answer represents a complete solution. Choose all that apply.
A. Providing IA Certification and Accreditation
B. Providing command and control and situational awareness
C. Defending systems
D. Protecting information
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability
A. MAC I
B. MAC II
C. MAC III
D. MAC IV
Under which of the following CNSS policies, NIACAP is mandatory for all the systems that process USG classified information
A. NSTISSP No. 11
B. NSTISSP No. 101
C. NSTISSP No. 7
D. NSTISSP No. 6
Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non- repudiation
A. Parkerian Hexad
B. Five Pillars model
C. Capability Maturity Model (CMM)
D. Classic information security model
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard
A. Type III (E) cryptography
B. Type III cryptography
C. Type I cryptography
D. Type II cryptography