FITSP-A Module 7 QUESTIONS & ANSWERS (2024 LATEST UPDATE)
1. Name the reporting tool that automates agency FISMA reporting directly to DHS.
a) FISMA
b) DHS Reporting Metrics
c) CyberScope
d) CyberStat - ANSWER Correct answer: c) CyberScope.
In OMB M-10-15, CyberScope was designated as the reporting tool for FISMA reporting.
Incorrect answers: a) FISMA is the law that requires the reports; b) the DHS Reporting Metrics define what must be
reported; d) CyberStat refers to OMB's review sessions with agencies.
2. Which family of security controls is considered Tier 2?
a) Access Control
b) Management Family
c) Operational Controls
d) Program Management - ANSWER Correct answer: d) Program Management
NIST SP 800-137, Paragraph 2.1.2 states: "Controls in the Program Management (PM) family are an
example of Tier 2 security controls."
Incorrect answers: a) Access controls are Tier 3; b) Management is a class of controls, not a family; c) Operational
controls are a class of controls, not a family.
NIST SP 800-137, Paragraph D.3.2 states: "The NVD is the U.S. government repository of standards-based
vulnerability management data represented using the SCAP specifications."
Incorrect answers: a) ICAT is the former name of the NVD; c) OVAL is an information security community
effort to standardize how to assess and report on the machine state of computer systems; d) SCAP is a
suite of specifications that standardizes the format and nomenclature by which security software
products communicate security flaw and security configuration information.
6. Who publishes the annual CIO Reporting Metrics for Continuous Monitoring?
a) NIST
b) DHS
c) OMB
d) Commerce Department - ANSWER Correct answer: b) DHS
OMB M-10-28, Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the
President and the Department of Homeland Security (DHS), delineated the respective responsibilities of
OMB and DHS for cybersecurity reporting. Although the memorandum does not specifically mention metrics,
after its publication DHS began publishing the annual metrics reporting requirements to fulfill its assigned
responsibilities.
Incorrect answers: Per OMB M-10-28, publishing the metrics is now the responsibility of DHS, not of the other choices.
7. Information Security Continuous Monitoring (ISCM) is a carryover from the old Certification and
Accreditation (C&A) Process. True or False?