RDRP Exam

RDRP Competency Exam

Welcome to the RMF for DoD IT Competency Exam.
To successfully acquire the RDRP designation you must achieve a score of 70% or higher on this exam.

Please work independently and draw from knowledge gained in BAI's RMF for DoD IT training class. Good luck!

Please provide your name and email address.

1 / 50

Which publication replaced the DoDD 8570.01, 'Information Assurance Training Certification and Workforce Management'?

2 / 50

What is not included in the DoD Core Security Authorization Spreadsheet?

3 / 50

What role did the Joint Task Force Transformation Initiative (JTFTI) play in the RMF process?

4 / 50

Of the following roles, which has the PRIMARY responsibility for assembling and submitting an authorization package for an information system?

5 / 50

For now, systems continue to receive Authorizations with three-year Termination Dates. This is based on earlier guidance from which of the options below?

6 / 50

Which automated tool provides a repository for artifacts?

7 / 50

A tornado is an example of which of the following?

8 / 50

Maintenance controls are found in which family classification?

9 / 50

How many system-level families of security controls are listed in NIST SP 800-53, Revision 1, 'Security and Privacy Controls for Federal Information Systems and Organizations'?

10 / 50

What is included in ACAS?

11 / 50

The System Security Plan (SSP) indicates the assessment results of each security control as one of these three options:

12 / 50

In the multi-tiered risk management process described by NIST, at which level of the process is the organization depicted?

13 / 50

Of the following roles, which has the PRIMARY responsibility for developing a strategy for the continuous monitoring of security control effectiveness for an information system?

14 / 50

A 'Type Authorization' includes which of the following requirements:

15 / 50

According to DoDI 8510.01, Risk Management Framework for DoD Information Technology, which of the following is a required document in an authorization package?

16 / 50

Which of these statements most accurately reflects DoD policy regarding National Security Systems (NSS) and RMF?

17 / 50

Of the following roles, which has the PRIMARY responsibility for preparing the security control assessment report for an information system?

18 / 50

Of the following roles, which has the PRIMARY responsibility for selecting security controls for an information system?

19 / 50

Which publication contains tables for use in quantification of risk?

20 / 50

Which of the following documents will you use to help you follow the process of categorizing the system?

21 / 50

Which NIST publication provides guidance on implementing an ISCM?

22 / 50

Of the following roles, which has the PRIMARY responsibility for updating the security plan, security assessment report, and Plan of Actions & Milestones based on the results of the continuous monitoring process?

23 / 50

Which of the following describes the purpose of NIST SP 800-53, Rev 4/5?

24 / 50

Which RMF step aligns with the System Development Life Cycle Phase 'Operations and Support'?

25 / 50

What is the primary gateway for gaining access to NIST Computer Security Publications, Standards, and guidelines plus other useful security-related information?

26 / 50

Of the following, which has the PRIMARY responsibility for assessing the implementation of security controls for an information system?

27 / 50

Of the following roles, which has the PRIMARY responsibility for determining the security impact of proposed or actual changes to the information system or its environment of operation?

28 / 50

In the three-tier RMF governance structure as implemented by DoD, which of the following most accurately describes Tier 3?

29 / 50

How are PIT and PIT Systems treated differently under RMF?

30 / 50

Who prepares the Security Assessment Plan?

31 / 50

What are the major steps of the Risk Management Framework (RMF)?

32 / 50

Of the following roles, which has the PRIMARY responsibility for identifying common controls provided by an organization?

33 / 50

Which document provides an overview of the security requirements of a system and the controls in place or planned for meeting those requirements?

34 / 50

Which of the following describes the purpose of NIST SP 800-37, Rev. 2, 'Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy'?

35 / 50

Which of the following forms of DoD information technology are required to undergo the RMF Assess process only?

36 / 50

For a security control listed in NIST SP 800-53, Revision 4, 'Security and Privacy Controls for Federal Information Systems and Organizations', which of the following describes the control statement in the control structure?

37 / 50

The term 'DoD Components' refers to:

38 / 50

Which fundamental security property guards against improper information modification or destruction?

39 / 50

Of the following roles, which has the PRIMARY responsibility for determining the risk to organizational operations, organizational assets, individuals, other organizations, or the Nation?

40 / 50

Which of the following best describes the RMF Knowledge Service (KS)?

41 / 50

Which of the following is part of the Joint Continuous Monitoring Working Group (JCMWG) CONOPS Phase 1 for implementation of ISCM?

42 / 50

In accordance with the FISMA (Update 2014), which agency has been given a more active role in providing operational and technical assistance to other federal Executive Branch civilian agencies?

43 / 50

In which publication will you find the table displaying minimum DoD standards for organization-defined parameters?

44 / 50

Of the following roles, which has the PRIMARY responsibility for reviewing the reported security status of the information system on an ongoing basis in accordance with the monitoring strategy to determine whether the risk to organizational operations, organizational assets, individuals, other organizations, or the Nation remains acceptable?

45 / 50

Which of the following roles is responsible for providing overall security protections for a federal government agency?

46 / 50

Which of these is a DoD task under the RMF step 'Categorization'?

47 / 50

What does SCAP stand for?

48 / 50

What is an example of a Tier Level Common Control?

49 / 50

A System of Records Notice (SORN) is a control in which family?

50 / 50

System and Services Acquisition controls are found in which family classification?
