FedVTE CAP Exam Questions and Answers, Exams of Nursing

A set of multiple-choice questions and answers related to the FedVTE CAP exam. It covers topics such as asset loss through inappropriate computer use, FISMA regulations, security control monitoring, discretionary access control lists (DACL), FIPS Publication 199 impact levels, information system security monitoring, configuration management, system authorization processes, and security breach response techniques. Useful for individuals preparing for the FedVTE CAP exam.

Typology: Exams

2024/2025

Available from 02/07/2025

smart-scores
FedVTE CAP exam with correct answers
Which of the following groups represents the most likely source of an asset loss
through the inappropriate use of computers?
A. Employees
B. Hackers
C. Visitors
D. Customers - correct answer A. Employees
FISMA charges which one of the following agencies with the responsibility of
overseeing the security policies and practices of all agencies of the executive
branch of the Federal government?
A. Office of Management and Budget (OMB)
B. National Institute of Standards and Technology (NIST)
C. National Security Agency (NSA)
D. Department of Justice - correct answer A. Office of Management and
Budget (OMB)
Which one of the following publications provides details of the monitoring

security control?

A. NIST SP 800 53

B. NIST SP 800 42

C. NIST SP 800 37

D. NIST SP 800 41 - correct answer ✔C. NIST SP 800 37

Which of the following statements about Discretionary Access Control List

(DACL) is true?

A. It is a list containing user accounts, groups, and computers that are allowed

(or denied) access to the object.

B. It specifies whether an audit activity should be performed when an object

attempts to access a resource.

C. It is a unique number that identifies a user, group, and computer account.

D. It is a rule list containing access control entries. - correct answer ✔A. It is a

list containing user accounts, groups, and computers that are allowed (or

denied) access to the object.

A. Senior Agency Information Security Officer

B. Authorizing Official

C. Common Control Provider

D. Chief Information Officer - correct answer ✔C. Common Control Provider

Which of the following is not a standard phase in the System Authorization

Process?

A. Pre certification

B. Post authorization

C. Post certification

D. Certification - correct answer ✔C. Post certification

What is the potential impact if the loss of confidentiality, integrity, or

availability could be expected to have a limited adverse effect on organizational

operations, organizational assets, individuals, other organizations, or the

national security interests of the United States?

A. Low

B. Moderate

C. High

D. Limited - correct answer ✔A. Low

An assessment procedure consists of a set of which things, each with an

associated set of potential assessment methods and assessment objects?

A. Assessment objectives

B. Security controls

C. Operational requirements

D. Assessment objects - correct answer ✔A. Assessment objectives

This process is used to determine if the security controls in the information

system continue to be effective over time in light of the inevitable changes that

occur in the system as well as the environment in which the system operates

between authorization decisions.

A. Continuous monitoring

B. Configuration management

D. NIST SP 800 37 - correct answer ✔A. NIST SP 800 59

Subsequent to a security breach, which of the following techniques are used

with the intention to limit the extent of damage caused by the incident?

A. Corrective controls

B. Preventive controls

C. Change controls

D. Incident controls - correct answer ✔A. Corrective controls

What process should be initiated when changes to the information system

negatively impact the security of the system or when a period of time has

elapsed as specified by agency or federal policy?

A. IS audit

B. Systems acquisition

C. Reauthorization

D. Reclassification of data - correct answer ✔C. Reauthorization

Which of the following documents can best aid in selecting controls to be

monitored?

A. NIST SP 800 37

B. FISMA

C. FIPS 199

D. NIST SP 800 18 - correct answer ✔C. FIPS 199

Applying the first three steps in the RMF to legacy systems can be viewed in

what way to determine if the necessary and sufficient security controls have

been appropriately selected and allocated?

A. Sequential

B. Level of effort

C. Gap analysis

D. Common control - correct answer ✔C. Gap analysis

Under which type of access control do user ID and password systems come?

What assessment procedure is designed to work with and complement the

assessment procedures to contribute to the grounds for confidence in the

effectiveness of the security controls employed in the information system?

A. Extended

B. Subordinate

C. Based

D. Cross control - correct answer ✔A. Extended

Why would the authorization decision issue a determination of Not Authorized?

A. If the system is not authorized (NA) to process classified information.

B. If it is deemed that the agency level risk is unacceptably high.

C. If the system is mission critical and requires an interim authority to operate.

D. The information system is always accredited without any restrictions or

limitations on its operation. - correct answer ✔B. If it is deemed that the agency

level risk is unacceptably high.

Which of the following persons is responsible for testing and verifying whether

the security policy is properly implemented and the derived security solutions

are adequate or not?

A. Data owner

B. Data custodian

C. User

D. Auditor - correct answer ✔D. Auditor

FITSAF stands for Federal Information Technology Security Assessment

Framework. It is a methodology for assessing the security of information

systems. Which of the following FITSAF levels shows that the procedures and

controls have been implemented?

A. Level 2

A. Substantial

B. Abbreviated

C. Comprehensive

D. Significant - correct answer ✔B. Abbreviated

The British Standard BS7799 was the basis for which of the following standards?

A. ISO/IEC 154508

B. ISO/IEC 17799

C. ICO/ICE 17799

D. Executive Order (E.O.) 13231 - correct answer ✔B. ISO/IEC 17799

If an organization shares financial and personal details of a client with other

companies without prior consent of the individuals, that organization is violating

which of the following Internet laws?

A. Security law

B. Copyright law

C. Privacy law

D. Trademark law - correct answer ✔C. Privacy law

Which of the following NIST Special Publication documents provides a guideline

on network security testing?

A. NIST SP 800 53A

B. NIST SP 800 53

C. NIST SP 800 42

D. NIST SP 800 37 - correct answer ✔C. NIST SP 800 42

How many steps are defined in the RMF process?

Which of the following classification levels defines the information that, if

disclosed to the unauthorized parties, could be reasonably expected to cause

exceptionally grave damage to the national security?

A. Top Secret information

B. Secret information

C. Confidential information

D. Unclassified information - correct answer ✔A. Top Secret information

Which of the following statements best describes the difference between the

role of a data owner and the role of a data custodian?

A. The data owner implements the information classification scheme after the

initial assignment by the custodian.

B. The custodian implements the information classification scheme after the

initial assignment by the operations manager.

C. The data custodian implements the information classification scheme after

the initial assignment by the data owner.

D. The custodian makes the initial information classification assignments and

the operations manager implements the scheme. - correct answer ✔C. The data

custodian implements the information classification scheme after the initial

assignment by the data owner.

FIPS 200 provides how many minimum security requirements for federal

information and information systems? The requirements represent a broad

based, balanced information security program that addresses the management,

operational, and technical aspects of protecting the CIA of federal information

and information systems.

A. 5

B. 17

C. 21

D. 10 - correct answer ✔B. 17

This stakeholder's involvement is required to determine acceptable residual risk

and also advises the development team if the risks associated with eventual

operation of the system appear to be unacceptable.

A. Plan of action and milestones

B. System security plan

C. System discrepancy plan

D. System deficiency plan - correct answer ✔A. Plan of action and milestones

Which of the following governance bodies directs and coordinates

implementations of the information security program?

A. Chief Information Security Officer

B. Information Security Steering Committee

C. Senior Management

D. Business Unit Manager - correct answer ✔A. Chief Information Security

Officer

The authorization decision document conveys the final security authorization

decision from the authorizing official to the information system owner. The

authorization decision document contains all of the following information

except?

A. Authorization decision

B. Terms and conditions for the authorization

C. Approving revisions to the SSAA

D. Authorization termination date - correct answer ✔C. Approving revisions to

the SSAA

Which of the following acts is used to recognize the importance of information

security to the economic and national security interests of the United States?

A. FISMA

B. Computer Fraud and Abuse Act

C. Lanham Act

D. Computer Misuse Act - correct answer ✔A. FISMA