INFORMATION SYSTEMS AND SECURITY, Exams of Management Information Systems

MANAGEMENT INFORMATION SYSTEMS

Typology: Exams

2024/2025

Available from 04/24/2025

mwangi-daniel-wanjohi
INFORMATION SECURITY
1. Which of the following security program areas would you find practitioners who train and/
or advise Original Classification Authorities in the application of the process for making
classification determinations?
A. Information Security
B. Physical Security
C. Personnel Security
D. Industrial Security
CORRECT ANSWERS A. Information Security
2. Which of the following security program areas would you find practitioners working with a
facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's
vulnerability from terrorist attacks?
A. Information Security
B. Physical Security
C. Personnel Security
D. Industrial Security
CORRECT ANSWERS B. Physical Security
3. Which of the following security programs areas would you find practitioners involved with
processes that monitor employees for new information that could affect their security clearance
eligibility status?
A. Foreign Disclosure
B. Information Security
C. International Security
D. Operations Security
E. Personnel Security
F. Physical Security
G. Research and Technology Protection
H. Information Assurance
CORRECT ANSWERS E. Personnel Security
1. Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations. Ashley says that Physical Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks. Who is correct?
A. Paul is correct
B. Ashley is correct
C. Paul and Ashley are both correct
D. Paul and Ashley are both incorrect
CORRECT ANSWERS C. Paul and Ashley are both correct

2. Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks. Ashley says that Personnel Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations. Who is correct?
A. Paul is correct
B. Ashley is correct
C. Paul and Ashley are both correct
D. Paul and Ashley are both incorrect
CORRECT ANSWERS D. Paul and Ashley are both incorrect

3. Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)?
a. When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a different degree of protection than the same U.S. classification designation, a U.S. marking that results in a degree of protection equivalent to that required by the foreign government shall be applied.

1. What is included in the markings of classified information?
a. Derivative classifier as the authority to make declassification determinations.
b. Agencies and authorities that have previously accessed the classified information.
c. Document holder as the sole authority to make transfer and dissemination determinations.
d. Sources and reasons for the classification.
CORRECT ANSWERS C

2. What is the purpose of the Controlled Access Program Coordination (CAPCO) register?
a. To identify the categories, types, and levels of Special Access Programs (SAPs).
b. To define the authorities for classifying, declassifying, and regrading sensitive documents.
c. To identify the official classification and control markings, and their authorized abbreviations and portion markings.
d. To define the requirements, restrictions, and measures necessary to safeguard classified information from unauthorized disclosure.
CORRECT ANSWERS C

3. When a classified data spill occurs, who is responsible for ensuring that policy requirements for addressing an unauthorized disclosure are met?
a. Activity Security Manager
b. Information Assurance Staff
c. Information Assurance Manager
d. Information Assurance Officer
CORRECT ANSWERS A

4. There are five information assurance attributes that are important to protect and defend DoD networks and information. If there was a loss in non-repudiation, what would this cause in relation to information assurance?
a. Data is no longer reliable, accurate, nor trusted.
b. Data may potentially be available to unauthorized users via electronic form.
c. General communications are no longer trusted.
d. Potential of unauthorized access to classified data.
e. Data is no longer available to authorized users, and missions cannot be conducted.
CORRECT ANSWERS B

1. Which of the following examples describes a security violation rather than a security infraction?
a. On a busy day, Karen printed classified documents on the printer in her open storage/secure room. She forgot about the documents and they remained on the printer for about an hour before she retrieved them.
b. Karen was late for a meeting in a different area of her building. She put a classified document in a folder she believed was marked for carrying classified materials. When handing out the materials, Karen realized that the folder was not marked for carrying classified materials; she had put the documents in the wrong folder.
c. At the end of the day, Karen was leaving and taking with her unclassified documents she would review at home. When she began to review those documents that night, she realized that classified materials had slipped in between the unclassified materials.
d. Karen was working a mission rela
CORRECT ANSWERS C

2. The inability to deny you are the sender of an email would be an indication of a lapse in
a. Non-Repudiation
b. Confidentiality
c. Integrity
d. Availability
CORRECT ANSWERS A. Non-repudiation

3. Unauthorized disclosure and loss of privacy is a lapse in
a. Confidentiality
b. Integrity
c. Availability
d. Authentication
CORRECT ANSWERS A

4. Which of the following is the first action done to downgrade, declassify or remove classification markings?
a. Through the appropriate chain of command, contact the original classification authority (OCA) to confirm that information does not have an extended classification period.

1. Review of Tier 5 on an individual disclosed that the subject had been a member of an anarchist organization dedicated to disestablishing existing Federal laws and overthrowing the U.S. government by any means necessary, including violence. Although the subject terminated his membership with the organization upon learning he would be investigated for a clearance for his new position, he still maintains social contact with several members of the anarchist organization. Based on this information, which of the following adjudicative guidelines is most appropriate for an adjudicator to apply to the case?
a. Psychological Conditions
b. Foreign Preference
c. Allegiance to the United States
d. Criminal Activity
CORRECT ANSWERS C

2. Which of the following is considered an element of the Personnel Security Program (PSP)?
a. Risk Assessment and Analysis
b. Implementation
c. Classification
d. Continuous Evaluation
CORRECT ANSWERS D

3. Limited access to classified information for specific programs may be approved for non-U.S. citizens only under which of the following conditions?
a. The subject is eligible to access material marked by a foreign government that is equivalent to a U.S. Top Secret classification marking.
b. The subject will only have one-time access to specific material, after which the material will be appropriately destroyed or returned to the originating U.S. agency.
c. The subject will only have access to classified U.S. documents containing Foreign Government Information (FGI) originating from the foreign country of which the subject is a citizen.
d. The prior 10 years of the subject's life can be appropriately investigated.
CORRECT ANSWERS D

4. Which of the following is the investigative requirement for access to Single Integrated Operational Plan-Extremely Sensitive Information (SIOP-ESI)?
a. Individual has a valid favorably adjudicated Tier 5 or Single Scope Background Investigation (SSBI).
b. Individual has a valid favorably adjudicated Tier 3 or National Agency Check with Local Agency Check (NACLC) investigation.
c. Individual has a valid favorably adjudicated Tier 3 or Access National Agency Check with Written Inquiries and Credit Check (ANACI) investigation.
d. Individual has a valid favorably adjudicated Tier.
CORRECT ANSWERS A

1. Which of the following is not qualifying criteria for personnel assigned to nuclear weapons personnel reliability assurance positions?
a. Individual must be a U.S. Citizen
b. Individual has a security clearance eligibility in accordance with the position
c. Individual is subject to a periodic reinvestigation every three years
d. Individual must be continuously evaluated
CORRECT ANSWERS C

2. Which of the following is correct regarding the investigation requirement for initial assignment to a Presidential Support Activities (i.e. Yankee White) Category 2 position?
a. Favorably completed Tier 5/Single Scope Background Investigation (SSBI) within 36 months preceding selection.
b. Favorably completed Tier 3/National Agency Check with Local Agency Check (NACLC) within 36 months preceding selection.
c. Favorably completed Tier 5/SSBI within 24 months preceding selection.
d. Favorably completed Tier 3/NACLC within 24 months preceding selection.
CORRECT ANSWERS A

3. Which of the following adjudication processes refers to a person's identifiable character traits and conduct sufficient to decide whether employment or continued employment would or would not protect the integrity or promote the efficiency of the Federal service?
a. Homeland Security Presidential Directive (HSPD) 12 credentialing
b. National security adjudication
c. Suitability adjudication
d. Continuous evaluation
CORRECT ANSWERS C

4. All unclassified DoD information in the possession or control of non-DoD entities on non-DoD information systems, to the extent provided by the applicable grant, shall minimally be safeguarded under which of the following standards?

d. Psychological Conditions
CORRECT ANSWERS A

1. A position designated as a DoD noncritical-sensitive civilian position may fall under any of the following criteria, EXCEPT:
a. A position not requiring eligibility for access to classified information, but having the potential to cause significant or serious damage to the national security.
b. A position requiring eligibility for access to Top Secret information.
c. A position requiring eligibility for access to Confidential information.
d. A position requiring eligibility for access to Secret information.
CORRECT ANSWERS B

2. What information must a statement of reasons (SOR) include?
a. SOR must state why an unfavorable national security eligibility determination is being proposed.
b. SOR must explain each security concern and state the specific facts that trigger each security concern.
c. The SOR must identify applicable adjudicative guideline(s) for each concern, and provide the disqualifying conditions and mitigating conditions for each guideline.
d. All of the Above
CORRECT ANSWERS D

34. Which type of briefing is used to obtain confirmation that a cleared employee agrees never to disclose classified information to an unauthorized person?
a. Special Briefings - Courier
b. Original Classification Authority (OCA) Briefing
c. Special Briefings - Non-Disclosure
d. Debriefing
CORRECT ANSWERS C

3. ___________ is the security system performance goal of immediate indication of deliberate attempts, security probing and warning for inadvertent or mistaken intention is an example of which system security capability?
a. Detect
b. Assessment
c. Deterrence
d. Delay
CORRECT ANSWERS C

1. Two security professionals - Paul and Ashley - are discussing secure rooms, containers, and vaults. Paul says weapons or sensitive items such as funds, jewels, or precious metals should not be stored in the same security container as classified information. Ashley says the General Services Administration approves security containers used to store classified information. Who is correct?
a. Paul is correct
b. Ashley is correct
c. Paul and Ashley are both correct
d. Paul and Ashley are both incorrect
CORRECT ANSWERS C

2. Which of the following is not a distinct phase of the Intrusion Detection System?
a. Detection
b. Control
c. Assessment
d. Response
CORRECT ANSWERS B

3. Which of the following would be considered a public safety crime?
a. Theft of an ammunition shipment for the purpose of criminal or gang-related activity.
b. Theft of sensitive, proprietary information relating to US aerospace and defense technologies.
c. Deliberate destruction of DoD assets or interruption of normal operations.
d. Theft of an item and use of it outside of its intended purpose or without permission.
CORRECT ANSWERS A

4. Which of the following best describes the goal of the Physical Security Program?
a. To ensure that industry safeguards the classified information in their possession, while performing work on contracts, bids, or research and development efforts on behalf of the government.
b. To protect assets against compromise resulting from activities such as espionage, sabotage, terrorism, damage or loss, and criminal.
c. To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties.
d. To create uniform policies and procedures for defense acquisition by all executive agencies.
CORRECT ANSWERS B

1. Requests for authorizing disclosure of classified information during visits must include all the following information, EXCEPT:
a. The explanation of the government purpose to perform when disclosing classified information.
b. The subject of the meeting, scope of classified topics and classification level.
c. Expected time and location of the meeting.
d. The main content of the invitation to send to the participants.
CORRECT ANSWERS C

2. Two security professionals - Paul and Ashley - are discussing the security procedures for visits and meetings. Paul says visits must serve a specific U.S. Government purpose. Ashley says DoD Components should, as a minimum, establish procedures that include verification of the identity, personnel security clearance, access (if appropriate), and need-to-know for all visitors. Who is correct?
a. Paul is correct
b. Ashley is correct
c. Paul and Ashley are both correct
d. Paul and Ashley are both incorrect
CORRECT ANSWERS A

1. Executive Order 12829, signed in January 1993, mandated that which of the following entities be responsible for implementing and monitoring the National Industrial Security Program (NISP)?
a. Director of the Information Security Oversight Office (ISOO)
b. Secretary of Defense
c. National Security Council (NSC)
d. Director, Defense Security Service (DSS)
CORRECT ANSWERS A

2. What is the role of the government contracting activity (GCA), or cleared prime contractor, when a contractor that does not have a Facility Clearance (FCL) wants to bid on a Request for Proposal (RFP) that requires access to classified information?
a. The GCA must issue a formal letter rejecting the contractor's bid since the contractor does not have the requisite FCL.
b. The contractor must submit a sponsorship request to DSS, who will decide whether to allow the contractor to bid on the contract.
c. The GCA must sponsor the contractor for a facility security clearance by submitting a sponsorship request to DSS, which initiates the facility clearance process.
d. The GCA must ensure that all owners and senior management of the uncleared contractor are U.S. citizens and are eligible to be processed for a personnel security clearance.
CORRECT ANSWERS C

1. What is the purpose of the Federal Acquisition Regulations (FAR)?
a. To codify and publish uniform policies and procedures for acquisition by all executive agencies.
b. To manage DoD funds and prioritize the development of vital research and technology.
c. To provide small businesses and minority-owned companies an opportunity to compete in the government acquisition process.
d. To promote uniform standards and best practices of technology acquisition across U.S. industry.
CORRECT ANSWERS A

2. What is the role of the security professional during the "Award Contract" step of the contracting process?
a. To ensure the appropriate classification level for the bid, and to define unique security requirements associated with the product.
b. To interface with the Cognizant Security Organization (CSO) to ensure oversight is performed and review results of any previous assessments on behalf of the component.
c. To ensure that the contractor follows proper safeguarding and disposition guidance.
d. To review and define the specific security requirements with the contracting officer - specifically, block 13 of DD Form 254.
CORRECT ANSWERS D

3. What is the purpose of DD Form 254?
a. To convey security classification guidance and to advise contractors on the handling procedures for classified material.
b. To document the formal agreement between the US government and a cleared contractor in which the contractor agrees to maintain a security program in compliance with the NISPOM and the government agrees to provide security guidance and program oversight.
c. To validate details regarding the foreign ownership, control or influence affecting that cleared contractor facility.
d. It replaces the actual contract document for any contract requiring access to classified information.
CORRECT ANSWERS A

1. Which type of briefing is used to reinforce the information provided during the initial security briefing and to keep cleared employees informed of appropriate changes in security regulations?
a. Annual Refresher Briefings
b. Indoctrination Briefings
c. Attestation Briefings
d. Courier Briefings
CORRECT ANSWERS A

2. Which step of the Operations Security (OPSEC) process would be applied when conducting exercises, red teaming and analyzing operations?
a. Conduct a Risk Assessment
b. Apply OPSEC Countermeasures
c. Conduct a Threat Analysis
d. Conduct a Vulnerability Analysis
CORRECT ANSWERS B

3. Which step of the Operations Security (OPSEC) process would be applied when identifying potential adversaries and the associated capabilities and intentions to collect, analyze, and exploit critical information and indicators?
a. Conduct a Vulnerability Analysis
b. Conduct a Threat Analysis
c. Conduct a Risk Assessment
d. Apply OPSEC Countermeasures
CORRECT ANSWERS B

4. Please determine which of the following is an element of an Operations Security (OPSEC) Assessment.
a. Small in scale and focused on evaluating the effectiveness of the OPSEC program.
b. Conducted on an annual basis.
c. Uses external resources collectively to conduct with or without the use of indigenous resources.
d. Determines the likelihood that critical information can be protected based on procedures that are currently in place.
CORRECT ANSWERS C

5. To provide access to Social Media sites, the DoD agency must provide all of the following, EXCEPT:
a. Protection against malware and advanced threats.
b. Blocked access to prohibited sites and content.
c. Individual compliance with Joint Ethics Regulations and guidelines.
d. Constant monitoring to deter inappropriate site access.
CORRECT ANSWERS D

1. Whose responsibility is it during the Categorize step to identify a potential impact (low, moderate, or high) due to loss of confidentiality, integrity, and availability if a security breach occurs?
a. Information System Owner (ISO)
b. Information Owner (IO)
c. Information System Security Manager (ISSM)
d. Authorizing Official (AO)
CORRECT ANSWERS B

2. Please determine which of the following is an example of reportable foreign intelligence contacts, activities, indicators, and behaviors.
a. Authorizing others to acquire unauthorized access to classified or sensitive information systems.
b. Unauthorized downloads or uploads of sensitive data.
c. Network spillage incidents or information compromise.
d. Use of DoD account credentials by unauthorized parties.
CORRECT ANSWERS A

3. Limiting nonsecure computer e-mail messages to nonmilitary activities and not providing operational information in nonsecure e-mail messages are functions of which OPSEC measure?
a. Operational and Logistic Measures
b. Technical Measures
c. Administrative Measures
d. Operations Security and Military Deception
CORRECT ANSWERS B

4. Which of the following is NOT a category of Information Technology (IT)?
a. Platform Information Technology (PIT)
b. Information Technology Services
c. Information Technology Products

1. What family of controls does Security Functionality Verification belong to?
a. System and Communications Protection
b. Maintenance
c. System and Information Integrity
d. Audit and Accountability
CORRECT ANSWERS C

2. What does "AO" stand for?
CORRECT ANSWERS Authorizing Official

What is a SAR as related to cyber security?
CORRECT ANSWERS System Assessment Report

3. What activities occur when authorizing the system? (Select all that apply)
a. Implement decommissioning strategy
b. Develop, review, and approve Security Assessment Plan
c. Prepare the Plan of Action and Milestones (POA&M)
d. Submit security authorization package
CORRECT ANSWERS C & D

4. What activities occur when assessing security controls? (Select all that apply)
A. Prepare the Plan of Action and Milestones (POA&M)
B. Conduct final risk determination
C. Develop, plan, and approve Security Assessment Plan
D. Prepare Security Assessment Report
CORRECT ANSWERS C & D

5. What activities occur when monitoring security controls? (Select all that apply)
A. Prepare the Plan of Action and Milestones (POA&M)
B. Develop, review, and approve Security Assessment Plan
C. Implement decommissioning strategy
D. Determine impact of changes
CORRECT ANSWERS C & D

6. What are the cybersecurity attributes? (Select all that apply)
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
E. Non-repudiation
CORRECT ANSWERS All of the above

1. Why do you need to be aware of cybersecurity?
A. To uphold all elements of the National Industrial Security Program Operating Manual
B. To appropriately manage risk by mitigating threats and vulnerabilities
C. To examine your own actions and activities to uphold personal accountability
D. To ensure all appropriate measures are taken to protect a place and ensure only people with permission enter and leave it
CORRECT ANSWERS B

2. What are the cybersecurity drivers?
A. NIST 800-30 Rev 1 Guide for Conducting Risk Assessments
B. DoD 8530.01 Cybersecurity Activities Support to DoD Information Network Operations
C. DoD 8510.01 Risk Management Framework
D. DoD 8500.
E. DoD Security Policy
CORRECT ANSWERS All of the above

3. Which skills do security personnel need?
A. Protect information systems.
B. Identify all cybersecurity concepts.
C. Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information.
D. Examine their role in protecting DoD's information systems and the information they process, transmit, and store.
CORRECT ANSWERS D

4. What is the primary responsibility of security personnel?
A. Monitor, evaluate, and provide advice to the Secretary of Defense
B. Protect classified information and controlled unclassified information