CHAPTER 8 ASSESSMENT

1. Which regulation controls the export of military or defense applications and technology?

A. ITAR

B. EAR

C. OFAC

D. FDIC

E. None of these is correct.

2. What information must a federal agency include in a privacy impact assessment?

3. The information collected in a PIA and a SORN is based upon what principles?

A. NIST standards

B. OMB standards

C. Fair information privacy practices

D. ITAR regulations

E. None of these is correct.

4. Which assessment must be completed any time a federal agency collects personal information that can be retrieved via a personal identifier?

A. PIA

B. SORN

C. ACORN

D. OFAC

E. None of these is correct.

5. Which agency has primary oversight responsibilities under FISMA?

A. DoD

B. CIA

C. NIST

D. CNSS

E. None of these is correct.

6. Federal agencies must report information security incidents to ________.

7. Federal agencies must test their information security controls every 6 months.

A. True

B. False

8. What are federal information security challenges?

A. A culture of merely complying with reporting requirements

B. Lack of an enterprise approach to information security

C. Lack of coordination within the federal government

D. All of these are correct.

E. None of these is correct.

9. What is the name of the FISMA data-collection tool?

10. Which type of NIST guidance follows a formal creation process?

A. Special Publications

B. Federal Information Processing Standards

C. Guidelines for Information Security

D. Fair information practice principles

E. None of these is correct.

11. How many steps are there in the NIST risk management framework?

A. Six

B. Five

C. Four

D. Three

E. None of these is correct.

12. Which level of impact for a FIPS security category best describes significant damage to organizational assets?

A. Low

B. Moderate

C. High

D. Severe

E. None of these is correct.

13. FedCIRC is the federal information security incident center.

A. True

B. False

14. How quickly must a federal agency report an unauthorized access incident?

A. Monthly

B. Weekly

C. Daily

D. Within 2 hours of discovery

E. Within 1 hour of discovery

15. How many categories of security controls are designated in FIPS 200?

A. 20

B. 19

C. 18

D. 17

E. None of these is correct.
