
RDRP Exam

RDRP Competency Exam

Welcome to the RMF for DoD IT Competency Exam.
To successfully acquire the RDRP designation you must achieve a score of 70% or higher on this exam.

Please work independently and draw from knowledge gained in BAI's RMF for DoD IT training class. Good luck!

Please provide your name and email address.

1 / 50

Which document contains the Description, Milestones and Estimated Completion for each system weakness?

2 / 50

What term identifies a control that is partially inherited, partially implemented by the system owner?

3 / 50

Which of the following roles has responsibility for establishing an organizational commitment to the actions required to effectively manage risk and protect the core missions and business functions being carried out by the organization?

4 / 50

What is/are NOT a part of an agency's information security program as mandated by FISMA?

5 / 50

What is the first step in selecting security controls for a DoD system?

6 / 50

Of the following roles, which has PRIMARY responsibility for reporting the security status of an information system to the authorizing official on an ongoing basis in accordance with the monitoring strategy?

7 / 50

Of the following roles, which has the PRIMARY responsibility for determining the security impact of proposed or actual changes to the information system or its environment of operation?

8 / 50

What is an example of a Tier Level Common Control?

9 / 50

Which of the following roles is responsible for providing overall security protections for a federal government agency?

10 / 50

To whom does the Federal Information Security Management Act (FISMA) 2002 apply?

11 / 50

Which automated tool provides a repository for artifacts?

12 / 50

Of the following roles, which has the PRIMARY responsibility for assembling and submitting an authorization package for an information system?

13 / 50

System and Services Acquisition controls are found in which family classification?

14 / 50

How are PIT and PIT Systems treated differently under RMF?

15 / 50

The term 'Type Authorization' refers to:

16 / 50

What is included in ACAS?

17 / 50

Which of the following describes the purpose of NIST SP 800-39, 'Managing Information Security Risk'?

18 / 50

Of the following roles, which has primary responsibility for implementing an information system disposal strategy which executes required actions when a system is removed from service?

19 / 50

For now, systems continue to receive Authorizations with three-year Termination Dates. This is based on earlier guidance from which of the options below?

20 / 50

Which of the following is a required artifact for only systems categorized as moderate or above?

21 / 50

In which step of the RMF Lifecycle do you build the system?

22 / 50

Which of the following artifacts becomes very important during the decommissioning process?

23 / 50

Choose a situation that could change the monitoring frequency of a control.

24 / 50

What guidance is unique to DoD as opposed to only using NIST guidance?

25 / 50

Which DoD organization monitors and oversees IS security practices (including RMF, where applicable) of DoD contractors and vendors processing classified information?

26 / 50

Of the following roles, which has the PRIMARY responsibility for preparing the security control assessment plan for an information system?

27 / 50

What is not included in the DoD Core Security Authorization Spreadsheet?

28 / 50

Which NIST publication provides guidance on implementing an ISCM?

29 / 50

A sunspot is an example of which of the following:

30 / 50

For a security control listed in NIST SP 800-53, Revision 4, 'Security and Privacy Controls for Federal Information Systems and Organizations', which of the following describes the security control enhancements in the control structure?

31 / 50

Maintenance controls are found in which family classification?

32 / 50

Which of the following statements about DoD's implementation of Information Security Continuous Monitoring (ISCM) is most accurate?

33 / 50

Which of these is a DoD task under the RMF step 'Categorization'?

34 / 50

Which RMF step aligns with the System Development Life Cycle Phase 'Operations and Support'?

35 / 50

Which of the following roles has responsibility for establishing an organizational commitment to information security?

36 / 50

For a security control listed in NIST SP 800-53, Revision 4, 'Security and Privacy Controls for Federal Information Systems and Organizations', which of the following describes the control statement in the control structure?

37 / 50

Of the following roles, which has the PRIMARY responsibility for determining the risk to organizational operations, organizational assets, individuals, other organizations, or the Nation?

38 / 50

For a security control listed in NIST SP 800-53, Revision 4, 'Security and Privacy Controls for Federal Information Systems and Organizations', which of the following describes the organizational-parameterization in the control structure?

39 / 50

Which of the following describes the purpose of NIST SP 800-53, Rev 4/5?

40 / 50

Of the following roles, which has the PRIMARY responsibility for conducting remediation actions based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in the Plan of Action & Milestones?

41 / 50

Which fundamental security property guards against improper information modification or destruction?

42 / 50

What is the primary gateway for gaining access to NIST Computer Security Publications, Standards, and guidelines plus other useful security-related information?

43 / 50

What is true about SCAP?

44 / 50

Which of the following statements about the Enterprise Mission Assurance Support Service (eMASS) is most accurate?

45 / 50

Security Control Characteristics include all except:

46 / 50

Of the following roles, which has the PRIMARY responsibility for reviewing and approving the information system security plan (SP)?

47 / 50

In which step of the RMF Lifecycle do you document the security control implementation in the security plan?

48 / 50

Which publication replaced the DoDD 8570.01, 'Information Assurance Training Certification and Workforce Management'?

49 / 50

Which of the following documents will you use to help you follow the process of categorizing the system?

50 / 50

How often does FISMA mandate a review of security controls?
