Which of the following is used in the practice of Information Assurance (IA) to define assurance requirements?
Response:

• A.Classic information security model
• B.Parkerian Hexad
• C.Communications Management Plan
• D.Five Pillars model

Comment: *

Name: *

Email: *

Verification: *

When an ATO is issued, which of the following roles authoritatively accepts residual risk on behalf of the organization?
Response:

• A.Information Owner
• B.Authorizing official
• C.AO or the AO's designated Representation
• D.CISO

Comment: *

Name: *

Email: *

Verification: *

Who is primarily responsible for the development of system-specific procedures? Response:

• A.The system administrator
• B.The system owner
• C.The information systems security officer (ISSO)
• D.The system architect

Comment: *

Name: *

Email: *

Verification: *

Failure to authorize an operational system to process demonstrates that management has not exercised due care in protecting the system in the event of a security incident. Which of the following Acts has been violated?
Response:

• A.FISMA, 2002
• B.Computer security Act of 1987
• C.FIPS 102
• D.Clinger-Cohen Act of 1996

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements about Discretionary Access Control List (DACL) is true?
Response:

• A.It is a rule list containing access control entries.
• B.It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
• C.It specifies whether an audit activity should be performed when an object attempts to access a resource.
• D.It is a unique number that identifies a user, group,and computer account.

Comment: *

Name: *

Email: *

Verification: *