FITSP-A Module 9 question and answers rated A+ 2023 Passed
1. All of the following are considered remote access, EXCEPT:
a) Dial-up
b) Broadband
c) VPN
d) Wireless

Correct answer: c) VPN

NIST SP 800-53r4, Control AC-17, Supplemental Guidance states: "Remote access methods include, for example, dial-up, broadband, and wireless. Organizations often employ encrypted virtual private networks (VPNs) to enhance confidentiality and integrity over remote connections."

Incorrect answers: a), b), and d) are remote access methods as stated above. c) VPN is encrypted transmission used over remote access connections.

2. Which two of the following VPN technologies are approved for use by Federal agencies?
a) TKIP
b) IPSec
c) TLS
d) SSLv3

Correct answer: b) IPSec and c) TLS

Although the two NIST Special Publications covering VPN technology include IPSec VPNs (800-77) and SSL VPNs (800-113), an SSL VPN that uses TLS is sometimes referred to as a TLS VPN and is approved for Federal agency use. The key here is that the VPN must use FIPS-approved protocols, and SSLv3 refers to the SSL Version 3 protocol, which is not FIPS approved.

Incorrect answers: a) is not a VPN technology; d) SSL VPN can be used, but not with SSL version 3, as it is not FIPS approved.

3. Which agency provides federal policy on record retention?
a) Office of Management & Budget
b) Department of Homeland Security
c) National Archives
d) Office of Personnel Management

Correct answer: c) National Archives

NIST SP 800-53r4, Control AU-11, Supplemental Guidance states: "The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on record retention."

Incorrect answers: a), b), and d) do not provide record retention policy for the entire federal government.

4. SP 800-57 and SP 800-107 provide guidance for what kind of cryptographic algorithms?
a) DSS/HMAC
b) AES/3DES
c) X.509/PKCS#1
d) CCMP/TKIP

Correct answer: a) DSS/HMAC

NIST SP 800-57 Part 1 r3 and SP 800-107r1 address key management and applications using approved hash algorithms, respectively. DSS refers to the Digital Signature Standard and HMAC to Keyed-Hash Message Authentication Codes, which both address cryptographic algorithms used for hashing.

Incorrect answers: The other combinations are not addressed by these publications specifically: b) are two-way encryption algorithms; c) is a certificate type and a family of encryption standards (for implementing RSA); d) are wireless protocols.
Written for
- Institution
- FITSP
- Course
- FITSP
Document information
- Uploaded on
- June 28, 2023
- Number of pages
- 15
- Written in
- 2022/2023
- Type
- Exam (elaborations)
- Contains
- Questions & answers