IS3350 CHAPTER 8

Question 1

A federal government official who independently evaluates the performance of federal agencies. These are independent officials and called ___?

Answer 1

INSPECTOR GENERAL

Question 2

Information technology systems that hold military, defense, and intelligence information is called ___?

Answer 2

NATIONAL SECURITY SYSTEMS

Question 3

A review of how a federal agency’s IT systems process personal information. The E-Government Act of 2002 requires Federal agencies to conduct these assessments and is called ___?

Answer 3

PRIVACY IMPACT ASSESSMENT (PIA)

Question 4

Any information about a person that a federal agency maintains. This term is also defined by the Privacy Act of 1974 and is called a ___?

Answer 4

RECORD

Question 5

A federal agency’s notice about agency record-keeping systems that can retrieve records through the use of a personal identifies. The Privacy Act of 1974 requires federal agencies to provide these notices. This is called ___?

Answer 5

SYSTEM OF RECORDS NOTICE (SORN)

Question 6

1. Which regulation controls the export of military or defense applications and technology?
2. ITAR
3. EAR
4. OFAC
5. FDIC
6. none of the above

Answer 6

ITAR

Question 7

2. What information must a federal agency include in a privacy impact assessment?

Answer 7

State what information is to be collected;
Why the information is being collected;
The intended use of the information;
How the agency will share the information;
Whether people have the opportunity to consent to specific uses of the info;
How the information will be secured;
Whether the info collected will be a system of records as defined by the Privacy Act of 1974

Question 8

3. The information collected in a PIA and a SORN is based upon what principles?
4. NIST standards
5. OMB standards
6. Fair information privacy practices
7. OTAR regulations
8. None of the above

Answer 8

Fair information privacy practices

Question 9

4. Which assessment must be completed any time a federal agency collects personal information that can be retrieved via a personal identifier?
5. PIA
6. SORN
7. ACORN
8. OFAC
9. None of the above

Answer 9

SORN

Question 10

5. Which agency has primary oversight responsibilities under FISMA?
6. DoD
7. CIA
8. NIST
9. CNSS
10. None of the above

Answer 10

None of the above

Question 11

6. Federal agencies must report information security incidents to ____?

Answer 11

US-CERT

Question 12

7. Federal agencies must test their information security controls every six months.
   TRUE OR FALSE

Answer 12

FALSE

Question 13

8. What are federal information security challenges?
9. A culture of merely complying with reporting requirement
10. Lack of an enterprise approach
11. Lack of coordination within the federal government
12. All the above
13. None of the above

Answer 13

1. A culture of merely complying with reporting requirement
2. Lack of an enterprise approach
3. Lack of coordination within the federal government

ALL THE ABOVE

Question 14

9. What is the name of the FISMA data-collection tool?

Answer 14

CyberScope

Question 15

10. Which type of NIST guidance follows a formal creation process?
11. Special Publications
12. Federal Information Processing Standards
13. Guidelines for Information Security
14. Fair information practice principles
15. None of the above

Answer 15

Federal Information Processing Standards

Question 16

11. How many steps are there in the NIST Risk Management Framework?
12. Six
13. Five
14. Four
15. Three
16. None of the above

Answer 16

Six

Question 17

12. Which level of impact for a FIPS security category best describes significant damage to organizational assets?
13. Low
14. Moderate
15. High
16. Severe
17. None of the above

Answer 17

Moderate

Question 18

13. FedCIRC is the federal information security incident center.
    TRUE OR FALSE

Answer 18

FALSE

Question 19

14. How quickly must a federal agency report an unauthorized access incident?
15. Monthly
16. Weekly
17. Daily
18. Within two hours of discovery
19. Within one hour of discovery

Answer 19

Within one hour of discovery

Question 20

15. How many categories of security controls are designated in FIPS 200?
16. 20
17. 19
18. 18
19. 17
20. None of the above

Answer 20

17

Question 21

16. The following info is defined as ___?
    * State what information is to be collected;
    * Why the information is being collected;
    * The intended use of the information;
    * How the agency will share the information;
    * Whether people have the opportunity to consent to specific uses of the info;
    * How the information will be secured;
    * Whether the info collected will be a system of records as defined by the Privacy Act of 1974

Answer 21

What information a federal agency must include in a privacy impact assessment.