RMF Step 1

21 community-sourced questions and answers.

Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor.
QUESTION 1

Risk Management Framework (RMF) is the unified information security framework for the entire federal government that is replacing the legacy DIACAP (DoD Information Assurance Certification and Accreditation Process) processes within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC).

ANSWER

What is RMF?

QUESTION 2

DIACAP is the certification and accreditation (C&A) process that was implemented in 2006, replacing DITSCAP. DIACAP has now been replaced by the RMF process.

ANSWER

What is DIACAP?

QUESTION 3

Step 1 - CATEGORIZE System
Step 2 - SELECT Security Controls
Step 3 - IMPLEMENT Security Controls
Step 4 - ASSESS Security Controls
Step 5 - AUTHORIZE Systems
Step 6 - MONITOR Security Controls

ANSWER

What are the steps in the RMF process?

QUESTION 4

Security categorization is determining and assigning the appropriate values to information or an information system based on protection needs.

ANSWER

What is Security Categorization?

QUESTION 5

Low, Moderate or High, reflecting the potential impact should a security breach occur, such as a loss of confidentiality, integrity or availability.

ANSWER

The Security Categorization method uses three impact values: ___________, __________________ and ___________.

QUESTION 6

Information Type

ANSWER

A ________ ________ is considered any specific category of information defined by an organization or, in some instances, by a public law, executive order, directive, policy, or regulation.

QUESTION 7

Information Types

ANSWER

Privacy Information or PII, Medical, Proprietary and Financial are all examples of _____________________ _____________________.

QUESTION 8

commensurate

ANSWER

System information, such as network routing tables, password files, and cryptographic key management information, must be protected at a level __________________________ with the most critical or sensitive user information being processed.

QUESTION 9

NIST SP 800-60

ANSWER

Please refer to NIST SP _______ Volume I from August 2008 for more information related to information types and mapping types of information in information systems to security categories.

QUESTION 10

1. Categorize Information System
2. Describe the Info System
3. Register System

ANSWER

What are the three tasks that comprise Step 1 of the RMF?

QUESTION 11

Information System Owner

ANSWER

The ____________________ ____________________ ____________________________ has primary responsibility for all three tasks that comprise Step 1 of RMF.

QUESTION 12

Information Types, Impact values and Rationale for Decisions.

ANSWER

Information to be documented in the security plan: _________________________, ______________________ and _____________________.

QUESTION 13

supporting

ANSWER

The Risk Executive, the Authorizing Official, the CIO, the SISO and the ISSO have __________________ roles in the RMF process.

QUESTION 14

Authorizing Official

ANSWER

The Designated Accrediting Authority, or DAA under DIACAP, is now known as the ________________ _________________ under RMF.

QUESTION 15

TRUE

ANSWER

Security Categorization is the process of determining and assigning appropriate values to information or an information system based on protection needs. (True or False)

QUESTION 16

Select security controls

ANSWER

Which of the following is NOT one of the tasks that are part of the first step of the RMF Process?
- Register the information system
- Select security controls
- Describe the information system
- Categorize the information system

QUESTION 17

FALSE

ANSWER

Confidentiality is guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. (True or False)

QUESTION 18

Information Systems

ANSWER

What must be categorized first in the security categorization process?
- Security controls
- Information Systems
- Impact Values
- User Roles

QUESTION 19

Categorize the system

ANSWER

The first step in the RMF process is to:
- Monitor security controls
- Categorize the system
- Assess security controls
- Select security controls

QUESTION 20

Moderate

ANSWER

The potential impact is ____________ if the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States.
- Low
- Moderate
- High
- None of the Above

QUESTION 21

Identify common controls

ANSWER

All but ONE of the following is important to categorizing the system.
- Identify common controls
- Define system boundary
- Identify roles and responsibilities
- Explain how to assign impact values
