FITSP - Manager Questions Newest 2026-2027 Actual Exam With Complete Questions And Correct Detailed Answers (Verified Answers) | Already Graded A+
What is designed to force implementation of HSPD-12 Personal Identity Verification criteria along with M05-24, M06-06, M-06-18, M08-01 and M11-11? - ANSWER-M-04-04 E-Authentication Guidance for Federal Agencies
What does M-06-15 Safeguarding PII require? - ANSWER-Requires privacy policies for each agency and the public release of these policies
What does M-06-19 PII Reporting require? - ANSWER-Requires reporting of potential PII data-breach events to Federal CERT within one hour of their discovery.
What does M-07-16 Privacy and Privacy Reporting cover? - ANSWER-Safeguarding PII, Breach Notification Policy, SAOP Reporting Metrics:
-Information security systems (w/PII)
-PIA and SORNs
-Privacy Training
-PIA and web privacy policies and processes
-Written privacy complaints
-SAOP advice and guidance
-Agency use of web management and customization technologies (e.g. cookies)
Requires an agency-based incident handling policy.
Why was M-09-32 Trusted Internet Connections initiated? - ANSWER-OMB started the TIC initiative to consolidate the number of external access points, including internet connections, and to ensure that all external connections are routed through an OMB-approved TIC.
What does OMB Memorandum 10-28, "Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security," cover? - ANSWER-Set OMB as reporting agency and DHS as gathering agency for cybersecurity data and events.
What reporting instructions have changed for OMB M11-33/M11-02/M12-02? - ANSWER-Cyberscope:
What is the purpose of the US Government Configuration Baseline (USGCB)? - ANSWER-The USGCB initiative is to create a security configuration baseline for IT products widely deployed across Federal agencies.
As for Reporting Instructions, must the DOD and ODNI follow OMB policy and NIST guidelines? Yes or No - ANSWER-Yes
As for Reporting Instructions, is reauth required every three years? Yes or No - ANSWER-No
What are the phases of the SDLC? - ANSWER-Initiation, Development/Acquisition, Implementation, Operation/Maintenance, Disposal
What are the 3 tiers in Organization-Wide Risk Management? - ANSWER-Tier 1 - Organization (Governance); Tier 2 - Mission/Business Process (Information and Information Flow); Tier 3 - Information System (Environment of Operation)
What does Tier 1 Risk cover? - ANSWER-Governance; Methodologies, Techniques and Procedures; Mitigation Methods; Risk Tolerance; Ongoing Monitoring
What does Tier 2 address? - ANSWER-Tier 2 addresses risk from a mission and business process perspective and is guided by the risk decisions in Tier 1.
What does Tier 3 address? - ANSWER-Tier 3 addresses risk from an information system perspective and is guided by the risk decisions at Tiers 1 and 2.
What NIST SPs cover Security Architecture? - ANSWER-SP-800-14, SP-800-27 and SP-800-160
What are the four components of RMF? - ANSWER-Frame (risk), Assess (risk), Respond (to risk once determined), Monitor (risk on an ongoing basis)
Which two NIST SPs provide management overview and risk assessment guidance on risk management? - ANSWER-SP-800-37R1 - Guide to Applying the Risk Management Framework to Federal Information Systems; SP-800-39 - Managing Information Security Risk (superseded SP-800-30)