OMB A-130
1. NIST SP 800-37 does not address which of the following:
A. Initiation
B. Validation
C. Certification
D. Accreditation
2. Which of the following is not a requirement of OMB A-130?
A. FISMA reporting
B. Planning for security
C. Review security controls
D. Ensure officials are assigned security responsibilities
3. Which statement most accurately defines residual risk?
A. The risk remaining after the implementation of new or enhanced controls
B. The risk remaining after baseline controls are implemented
C. The risk remaining after the risk assessment process
D. The risk remaining after common controls are implemented
4. A collection of information objects that share the same security policy for access is
A. Information domain
B. User domain
C. Information profile
D. User profile
5. What organization created FISMA?
A. White House
B. DISA
C. Department of Defense
D. Congress
6. What is necessary in order to determine the appropriate security category?
A. Potential impact
B. Cost and benefit of control
C. Threat vulnerability pair
D. Acceptable loss
7. What is the level of impact if the information label is LOW?
A. No adverse impact on the organization
B. Limited adverse impact on the organization
C. Serious adverse impact on the organization
D. Severe adverse impact on the organization
8. FIPS Pub 199 uses what term when referring to a HIGH impact?
A. Severe
B. Grave
C. Critical
D. Serious
9. Which is not a primary task included in the Information Management Plan (IMP)?
A. Define the mission need
B. Define the Information Management Model (IMM)
C. Define the Information Protection Policy (IPP)
D. Assess effectiveness of system
10. A Target of Evaluation could be described as:
A. The protection profile
B. The security target
C. The product under evaluation
D. The product evaluation method
11. The Information Management Plan (IMP) helps determine
A. Information Management Model
B. Information Protection Needs
C. System Security Requirements
D. Roles and Responsibilities
12. Which of the following identifies the different functions a system will need to perform in order to meet the documented business need?
A. Functional requirements
B. Testing requirements
C. Test scenario
D. Functional scenario
13. Which step is not addressed during the NIST SP 800-60 analysis?
A. Loss of Availability
B. Loss of Confidentiality
C. Loss of Integrity
D. Loss of Repudiation
14. When should the System Design Review (SDR) take place?
A. At the end of the architecture phase
B. At the end of the design phase
C. At the end of the certification phase
D. At the end of the testing phase
15. Which philosophy is established by NSTISSI 7003 Protected Distribution Systems (PDS)?
A. Prevent penetration
B. Detect penetration
C. Penetration response
D. Penetration mitigation
16. DOD Information Systems should only be interconnected under the following circumstances
A. Demonstrable operational requirements
B. Compelling operational requirements
C. Approved authorization of interconnected systems
D. Approved certification of interconnected systems
17. _____ defines the hardware, software, and interfaces used to develop a system.
A. Technical requirements
B. Functional diagram
C. System baseline
D. System architecture
18. Who provides an independent assessment of the security plan?
A. Security Officer
B. Security Manager
C. Program Manager
D. Certification Agent
19. The IATF has three primary elements for defense in depth. Which of the below is not one of these elements?
A. People
B. Technology
C. Operations
D. Policy
20. Which requirement does NIST SP 800-59 tell us is required in order to be defined as a National Security System?
A. Critical to the direct fulfillment of military or intelligence missions
B. Critical to national security operations
C. Critical to the support functions of military operations
D. Critical to the support of the strategic goals of the United States
21. How does FIPS 199 define LOW impact items?
A. Low
B. Minor
C. Limited
D. Moderate
22. The Waterfall design methodology is best described as:
A. Most closely matches the IATF
B. Flexibility and rapid development
C. Better interaction with customers
D. Rigid and clearly defined structure
23. What aspects are taken into account when defining a Mission Assurance Category (MAC)?
A. Availability and integrity
B. Confidentiality and integrity
C. Confidentiality and availability
D. Sensitivity and importance