How to build an effective assurance case? - ANSWER -
Compiling and presenting evidence
Basis for determining the effectiveness of controls
Product assessments
Systems assessments
Risk determination

What are the methods of assessment? - ANSWER -
Testing
Examination
Interviewing

What are the attributes associated with assessment methods? - ANSWER -
Depth and coverage; both determine the level of effort for the assessment (basic, focused, and comprehensive).

What is the assessment process? - ANSWER -
Describe the assessment process and testing
Review the elements of the security authorization package
Conduct risk assessment
Review artifacts and documents
Interview key personnel
Test system components and controls
Develop and produce the assessment report

What is SP 800-115? - ANSWER -
Technical Guide to Information Security Testing and Assessment

What are the assessment tasks? - ANSWER -
Ensure the proper policies are in place
Ensure all previous RMF steps were completed
Ensure all common controls are in place and implemented
Collect and evaluate system artifacts
Assessment testing:
-Vulnerability scanning
-Log review
-Penetration testing
-Configuration checklist review

What does a security assessment report provide? - ANSWER -
Visibility into specific weaknesses and deficiencies in the security controls employed within or inherited by the information system that could not reasonably be resolved during system development.

What does RMF-5, Authorize Information System, include? - ANSWER -
Plan of action and milestones
Security authorization package
Risk determination
Risk acceptance

What is OMB 02-01? - ANSWER -
Guidance for Preparing and Submitting Security Plans of Action and Milestones.

What are the fields in a POA&M? - ANSWER -
Type of weakness
Office or organization responsible for correcting the weakness
Amount of money needed to correct the weakness
Scheduled completion date for the weakness
Key milestones with completion dates
Milestone changes
Source of the weakness
Status (ongoing or completed)

What does an authorization package contain? - ANSWER -
System Security Plan
Security Assessment Report
Plan of Action and Milestones

What do the SP 800-137 ISCM guidelines define? - ANSWER -
Maintaining ongoing awareness of information security, vulnerabilities, and threats
Supporting organizational risk management decisions
Beginning with leadership defining a comprehensive ISCM strategy encompassing:
-technology
-processes
-procedures
-operating environments
-people

What are the four phases of SP 800-47, Security Guide for Interconnecting IT Systems? - ANSWER -
Planning
Establishing
Maintaining
Disconnecting

What are the control types and families within SP 800-53 r4? - ANSWER -
Control types