Security Control Characteristics include all except:

What term identifies a control that is partially inherited, partially implemented by the system owner?

Of the following roles, which has the PRIMARY responsibility for conducting remediation actions based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in the Plan of Action & Milestones?

The term 'DoD Components' refers to:

Of the following roles, which has the PRIMARY responsibility for updating the security plan, security assessment report, and Plan of Actions & Milestones based on the results of the continuous Monitoring process?

The legacy terms 'Certification ' and Accreditation' correspond to which two steps of RMF?

What is/are NOT a part of an agency's information security program as mandated by FISMA?

What are the major steps of the Risk Management Framework (RMF)?

Of the following roles, which has the PRIMARY responsibility for reviewing and approving the information system security plan (SP)?

In the multi-tiered risk management process described by NIST, at which level of the process are the information systems depicted?

Which is not an Authorization Decision

In DoD, the Risk Executive Function is performed by:

Of the following roles, which has the PRIMARY responsibility for implementing security controls specified in a security plan?

A tornado is an example of which of the following?

Which of the following roles is responsible for providing overall security protections for a federal government agency?

Which publication replaced the DoDD 8570.01, 'Information Assurance Training Certification and Workforce Management'?

What step in the RMF Lifecycle do you build the system?

What is not included in the DoD Core Security Authorization Spreadsheet?

The failure of the temperature control device for a heating, Ventilation, and air conditioning (HVAC) system is an example of a which of the following:

How are PIT and PIT Systems treated differently under RMF?

Which of the following statements about DoD's implementation of Information Security Continuous Monitoring (ISCM) is most accurate?

Of the following roles, which has PRIMARY responsibility for reporting the security status of an information system to the authorizing official on an ongoing basis in accordance with the monitoring strategy?

What role did the Joint Task Force Transformation Initiative (JTFTI) play in the RMF process?

Who prepares the Security Assessment Plan?

FISMA requires agencies to report annually on the state of their information security program to which of the following organizations?

In which publication will you find the table displaying minimum DoD standards for organization-defined parameters?

Which of the following roles is unique to the DoD implementation of RMF?

System and Services Acquisition controls are found in which family classification?

To whom does the Federal Information Security Management Act (FISMA) 2002 apply?

What is the difference between DISA STIGs and DISA STIG Benchmarks?

The System Security Plan (SSP) indicates the assessment results of each security control as one of these three options:

In the multi-tiered risk management process described by NIST, at which level of the process is the organization depicted?

'Assess Selected Controls Annually' is still part of which RMF step?

Of the following roles, which has the PRIMARY responsibility for determining the risk to organizational operations, organizational assets, individuals, other organizations, or the Nation?

Of the following roles, which has the PRIMARY responsibility for assembling and submitting an authorization package for an information system?

Which guidance states that the systems will complete an initial authorization via NIST RMF prior to ongoing authorization utilizing Information System Continuous Monitoring (ISCM) strategy?

Which of these is a DoD task under the RMF step 'Categorization'?

Which of the following is a required artifact for only systems categorized as moderate or above?

According to DoDI 8510.01, Risk Management Framework for DoD Information Technology, which of the following is a required document in an authorization package?

Which fundamental security property guards against improper information modification or destruction?

Maintenance controls are found in which family classification?

Of the following roles, which has the PRIMARY responsibility for preparing the POA&M for an information system?

Which of the following statements concerning Standalone Information Systems (IS) and Platform Information Technology (PIT) is most accurate?

What is true about SCAP?

In the three-tier RMF governance structure as implemented by DoD, which of the following most accurately describes Tier 3?

Which DoD organization monitors and oversees IS security Practices (including RMF, where applicable) of DoD contractors and vendors processing classified information?

Which of the following is a required artifact for DoD systems containing Personally Identifiable Information?

A 'Type Authorization' includes which of the following requirements:

In order for a security control to be considered as 'inherited' by an information system, which of the following conditions must be met:

What step in the RMF Lifecycle do you document the security control implementation in the security plan?