FIPS 199 defines the three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of loss of confidentiality, integrity, or availability in a high level potential impact?
The following are the effects of loss of confidentiality, integrity, or availability in a high level potential impact:
It might cause a severe degradation in or loss of mission capability to an extent.
It might result in major damage to organizational assets.
It might result in a major financial loss.
It might result in severe harm such as serious life-threatening injuries or loss of life.
Registration Task 5 identifies the system security requirements. Which of the following elements of Registration Task 5 defines the type of data processed by the system?
Data security requirement defines the type of data processed by the system.
Answer option C is incorrect. Applicable instruction or directive defines the security instructions or directives applicable to the system.
Answer option D is incorrect. Security concept of operation defines the following elements:
Security CONOPS
System input
System processing
Final outputs
Security controls and interactions
Connections with external systems
Answer option B is incorrect. Network connection rule is used to find the additional requirements incurred if the system is to be connected to any other network or system.
Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?
Answer option A is incorrect. The Defense Technical Information Center (DTIC) is a repository of scientific and technical documents for the United States Department of Defense. DTIC serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business-related information available today. DTIC's documents are available to DoD personnel and defense contractors, with unclassified documents also available to the public. DTIC's aim is to serve as a vital link in the transfer of information among DoD personnel, DoD contractors, and potential contractors and other U.S. Government agency personnel and their contractors.
Answer option D is incorrect. The Defense Advanced Research Projects Agency (DARPA) is an agency of the United States Department of Defense responsible for the development of new technology for use by the military. DARPA has been responsible for funding the development of many technologies which have had a major effect on the world, including computer networking, as well as NLS, which was both the first hypertext system and an important precursor to the contemporary ubiquitous graphical user interface. DARPA supplies technological options for the entire Department, and is designed to be the 'technological engine' for transforming DoD.
Answer option C is incorrect. The Defense-wide Information Assurance Program (DIAP) protects and supports DoD information, information systems, and information networks, which is important to the Department and the armed forces throughout the day-to-day operations, and in the time of crisis. The DIAP uses the OSD method to plan, observe, organize, and incorporate IA activities. The role of DIAP is to act as a facilitator for program execution by the combatant commanders, Military Services, and Defense Agencies. The DIAP staff combines functional and programmatic skills for a comprehensive Defense-wide approach to IA. The DIAP's main objective is to ensure that the DoD's vital information resources are secured and protected by incorporating IA activities to get a secure net-centric GIG operation enablement and information supremacy by applying a Defense-in-Depth methodology that integrates the capabilities of people, operations, and technology to establish a multi-layer, multidimensional protection.
You work as a systems engineer for BlueWell Inc. You want to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. Which of the following processes will you use to accomplish the task?
Information assurance (IA) is the process of organizing and monitoring information-related risks. It ensures that only the approved users have access to the approved information at the approved time. IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation. These objectives are applicable whether the information is in storage, processing, or transit, and whether threatened by an attack.
Answer option D is incorrect. ISSE is a set of processes and solutions used during all phases of a system's life cycle to meet the system's information protection needs.
Answer option C is incorrect. Risk analysis is the science of risks and their probability and evaluation in a business or a process. It is an important factor in security enhancement and prevention in a system. Risk analysis should be performed as part of the risk management process for each project. The outcome of the risk analysis would be the creation or review of the risk register to identify and quantify risk elements to the project and their potential impact.
Answer option B is incorrect. Risk management is a set of processes that ensures a risk-based approach is used to determine adequate, cost-effective security for a system.
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?
The types of cryptography defined by FIPS 185 are as follows:
Type I cryptography: It describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information.
Type II cryptography: It describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code, or Section 3502(2) of Title 44, United States Code.
Type III cryptography: It describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard.
Type III (E) cryptography: It describes a Type III algorithm or a tool that is accepted for export from the United States.