Contains 16 Questions (Attempt=1/3)
Module 8 Exam
1) Which of the following Test and Evaluation (T&E) phases occurs the latest?
Adversarial Assessment
Cooperative Vulnerability Identification
Cooperative Vulnerability and Penetration Assessment
Adversarial Cybersecurity Developmental Test and Evaluation (DT&E)
2) Which of the five pillars of cybersecurity is described as guarding against improper
information modification or destruction, and includes ensuring information nonrepudiation and authenticity?
Non-repudiation
Authentication
Confidentiality
Integrity
3) Which of the following is an invalid guideline for securing telework computers and
laptops, per the National Institute of Standards and Technology (NIST) Special Publication
(SP) 800-114?
Ensuring that updates are regularly applied to the operating system and primary
applications, such as Web browsers, email clients, instant messaging clients, and security
software
Restricting who can use the personal computer (PC) by having a separate standard user
account for each person, assigning a password to each user account, using the standard user
accounts for daily use, and protecting user sessions from unauthorized physical access
Disabling networking capabilities, such as Bluetooth
Using a combination of security software such as antivirus and antispyware software,
personal firewalls, spam and Web content filtering, and popup blocking to stop most attacks,
particularly malware
4) Which answer best reflects Department of Defense Instruction 5200.39's explanation of
the role of the Program Protection Plan (PPP)?
The PPP is a risk-based, comprehensive, living plan to protect Critical Program
Information (CPI) that is associated with a Research, Development, and Acquisition (RD&A)
Program.
The PPP is used in conjunction with the Risk Register to manage program risks.
The PPP is an analytical list of program threats and vulnerabilities.
The PPP is used in conjunction with CPI to manage program risks.
5) Which one of the following is a correct statement?
Cybersecurity and IA are equally involved in prevention.
Cybersecurity is more involved in prevention than information assurance (IA).
IA is more involved in prevention than cybersecurity.
Cybersecurity and IA are synonymous.
6) Which two of the seven steps in the process to establish a Program Protection Plan
(PPP) should occur sequentially, but for efficiency may be sequenced to occur
concurrently?
Step 3: Identify threats to Critical Program Information (CPI) and critical information and
communications technology (ICT) components (CC), and Step 4: Identify CPI and CC
vulnerabilities
Step 4: Identify CPI and CC vulnerabilities, and Step 5: Identify risks to CPI and CC
Step 2: Identify CPI and critical ICT CC, and Step 3: Identify threats to CPI and CC
Step 5: Identify risks to CPI and CC, and Step 6: Build and coordinate PPP
7) Which of the following is a valid safeguard for protecting technology that supports a
program?
Firewalls
Cloud Computing
Network Intrusion
Phishing
8) Which of the following inclusions to the Cybersecurity Approach section of the
Cybersecurity Strategy (CS) is false?
Technical Approach
Cybersecurity Implementation
Management Approach
Proposed Solutions and Mitigations
9) What is the primary method by which mission critical functions and components are
identified and prioritized?
Vulnerability Analysis (VA)
Critical Program Information (CPI)
Criticality Analysis (CA)
Threat Analysis (TA)
10) The system categorization as defined in the Risk Management Framework (RMF) is
one driver of cybersecurity requirements and requires which participants to determine
the potential impact to the mission due to loss or degradation of Confidentiality, Integrity,
and Availability (C-I-A)?
Mission Owners and Information Owners
Information Owners
Program Management Office (PMO), Mission Owners, and Information Owners
Mission Owners
11) Which of the following is an inaccurate description of a program manager (PM)'s
cybersecurity responsibilities, per the Department of Defense Instruction (DoDI) 8510.01?
Ensure each program acquiring an IS or PIT system has an assigned IS security engineer
and that they are fully integrated into the systems engineering process.
Implement the Risk Management Framework (RMF) for assigned IS and PIT systems.
Appoint an Information System Security Manager (ISSM) for each assigned IS or PIT
system with the support, authority, and resources to satisfy the responsibilities established in
this instruction.
Authorize hosted or interconnected Information System (IS) and Platform Information
Technology (PIT) systems.
12) Based on your understanding of the relationship between prevention
countermeasures and detection-and-response countermeasures, which measures would
you evaluate if your goal was to make an attack look more risky to a potential attacker?
Measures to detect and respond to a risk
Measures to prevent or deter a risk
Measures to respond to and detect a risk
Measures to deter or prevent a risk
13) Reduction of supply-chain security risk requires controlling ways in which security
risks can be introduced into the product or service. Which of the following Acquisition
Life Cycle components need to be monitored as such?
End Capability, Technology Security, Management Logistics, Operational System Control
Stakeholder Capability, Engineering Security, Logistics, and Organizational Product
Control
Supplier Capability, Product Security, Product Logistics, Operational Product Control
User Capability, Development Security, Transportation Logistics, Organizational Product
Control
14) Which role of cybersecurity ensures the Confidentiality, Integrity, and Availability (C-I-A) of system information?
Ensure Program Protection
Software Assurance
Enable Warfighting Operations
Integrate into Acquisition
15) Which of the following process steps for doing horizontal protection during Program
Protection Plan (PPP) creation, update, or review occurs the earliest?
Use the search capabilities in the Acquisition Security Database (ASDB) to identify other
programs with potentially similar Critical Program Information (CPI); consider threat and
vulnerability differences between programs.
Compare planned countermeasure protection against the similar CPI and consider threat
and vulnerability differences between programs.
If there are perceived discrepancies or concerns, adjudicate the differences at the lowest
organizational level.
Create a record and fill out appropriate fields.
16) Which of the following statements concerning documentation during the Risk
Management Framework (RMF) process is false?
The Security Plan is critical to the RMF process.
The Security Assessment Report (SAR) is critical to the RMF process.
The Plan of Actions and Milestones (POA&M) is critical to the RMF process.
The Security Authorization Design and Development Document (SADD) is critical to the
RMF process.
Contains 2 Questions (Attempt=2/3)
Module 8 Exam
1) Which of the following is the most accurate list of the Test and Evaluation (T&E) roles the program
manager (PM) is responsible for identifying?
The program test team, the Chief Developmental Tester, and the lead T&E organizations
The program test team and the Chief Developmental Tester
The program test team and the lead T&E organizations
The Chief Development Tester
2) Which one of the following is a correct statement?
IA is involved in all phases of the acquisition and IT life cycles.
Cybersecurity is involved in all phases of the Acquisition Life Cycle but not the information
technology (IT) life cycle.
Cybersecurity is involved in all phases of the acquisition and Information Technology (IT) life
cycle.
Cybersecurity is involved in all phases of the IT life cycle but not the Acquisition Life Cycle.