Question 1
This organization is responsible for implementing the national strategies in combating computer and intellectual property crimes worldwide. Specifically, to prevent, investigate, and prosecute computer crimes by working with other government agencies, the private sector, academic institutions, and foreign counterparts.
A) The United States Computer Emergency Readiness Team
B) The National Institute of Standards and Technology
C) The US Department of Justice Computer Crime and Intellectual Property Section
D) The Federal Bureau of Investigation National Cyber Investigation Joint Task Force

Question 2
U.S. Presidents use this power to set policy directives that implement or interpret federal statutes, a constitutional provision, or a treaty.
A) Public Law
B) Executive Orders
C) Technical Standards
D) Legislation

Question 3
Which public law provides additional penalties for related activities in connection with access devices and computers.
A) Computer Fraud and Abuse Act of 1986
B) Privacy Act of 1974
C) Computer Security Act of 1987
D) Comprehensive Crime Control Act of 1984

Question 4
Which public law establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies.
A) Privacy Act of 1974
B) Computer Fraud and Abuse Act of 1986
C) Comprehensive Crime Control Act of 1984

Question 5
FISMA was created by what organization?
A) DISA
B) Congress
C) White House
D) Department of Defense

Question 6
This Act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
A) Confidential Information Protection and Statistical Efficiency Act of 2002
B) E-Government Act of 2002
C) Computer Security Act of 1987
D) Federal Information Security Management Act of 2002

Question 7
What is the level of impact if the information label is LOW?
A) Limited adverse impact on the organization
B) Serious adverse impact on the organization
C) Severe adverse impact on the organization
D) No adverse impact on the organization

Question 8
FIPS Pub 199 uses what term when referring to a HIGH impact?
A) Critical
B) Grave
C) Serious
D) Severe

Question 9
This Act intended to enhance the security and resiliency of the cyber and communications infrastructure of the United States.
A) Cybersecurity Act of 2012
B) Federal Information Security Management Act of 2002
C) Confidential Information Protection and Statistical Efficiency Act of 2002
D) Computer Security Act of 1987

Question 10
What are the three primary goals of the Comprehensive National Cybersecurity
Initiative (CNCI)?
A) To strengthen the future cybersecurity environment; To build cybersecurity capability in the electricity sector; To protect the nation's communication grid from cyber threats
B) To establish a front line of defense against todays immediate threats; To defend against the full spectrum of threats; To develop and implement a government-wide cyber counterintelligence (CI) plan
C) To defend against the full spectrum of threats; To coordinate and redirect research and development (R&D) efforts; To develop and implement a government-wide cyber counterintelligence (CI) plan
D) To establish a front line of defense against todays immediate threats; To defend against the full spectrum of threats; To strengthen the future cybersecurity environment

Question 11
This is the mission of what federal organization - to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
A) Office of Management and Budget (OMB)
B) Department of Homeland Security (DHS)
C) National Institute of Standards and Technology (NIST)
D) Department of Commerce (DOC)

Question 12
Which of the following identifies the different function a system will need to perform in order to meet the documented business need?
A) Test scenario
B) Functional requirements
C) Testing requirements
D) Functional scenario
View Feedback

Question 13
This act provides for the sharing of certain cyber threat intelligence and provide cyber threat information between the intelligence community and cyber security entities including the private sector and utilities.

A) Federal Information Security Management Act (FISMA)
B) Cyber Intelligence Sharing and Protection Act (CISPA)
C) Government Information Security Reform Act (GISRA)
D) The PATRIOT Act

Question 14
The NIST organization has defined best practices for creating continuity plans. Which of the following phases deals with identifying and prioritizing critical functions and systems?
A) Develop recovery strategies
B) Conduct the business impact analysis
C) Identify preventive controls.
D) Develop the continuity planning policy statement.

Question 15
What is the primary purpose of the Framework for Improving Critical Infrastructure Cybersecurity?
A) To enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity.
B) Establishing a process for identifying critical infrastructure with especially high priority for protection and to direct regulatory agencies to determine the adequacy of current requirements and their authority to establish additional requirements to address risks.
C) To protect the American people, to protect the Nation's critical infrastructure, and to protect Federal government computers and networks,
D) Providing a stable, but flexible catalog of security controls to meet current information protection needs and creating a foundation for the development of assessment methods and procedures for determining security control effectiveness.

Question 16
DOD Information Systems should only be interconnected under the following circumstances
A) Approved certification of interconnected systems
B) Compelling operational requirements
C) Approved authorization of interconnected systems
D) Demonstrable operational requirements

Question 17
Which of the following U.S. Acts permits people to legally access data collected about them by government agencies?
A) Signal Intelligence Presidential Directive
B) Privacy Act of 1974
C) Freedom of Information Act
D) Electronic Communications Privacy Act of 1986

Question 18
Who provides and independent assessment of the security plan?
A) Certification Agent
B) Program Manager
C) Security Officer
D) Security Manager

Question 19
FIPS 199 was established to develop standards for categorizing information and information systems. The potential of impact is high if:
A) the loss of CIA results in major damage to organizational assets
B) the loss of CIA results in significant financial loss
C) the loss of CIA significantly reduces the effectiveness of system functions
D) the loss of CIA results in minor harm to individuals

Question 20
According to FIPS 200, CIA uses 17 security-related areas. "Organizations must develop, document, periodically update, and implement security plans for organizational information systems that describe the security controls in place or planned for the information systems..." applies to which of the 17?
A) System and Information Integrity
B) Configuration Management
C) Contingency Planning
D) Planning

Question 21
How does FIPS 199 define LOW impact items?
A) Limited
B) Moderate
C) Minor
D) Low

Question 22
The Waterfall design methodology is best described as:
A) Most closely matches the IATF
B) Better interaction with customers
C) Flexibility and rapid development
D) Rigid and clearly defined structure

Question 23
What aspects are taken into account when defining a Mission Assurance Category (MAC)
A) confidentiality and integrity
B) sensitivity and importance
C) confidentiality and availability
D) availability and integrity.