CISSP OFFICIAL ISC2 PRACTICE TESTS - DOMAIN 8 2024-2025 ACTUAL EXAM COMPLETE - QUESTIONS AND CORRECT DETAILED ANSWERS
Quiz 101. Who procures, develops, integrates, or modifies an information system?
a. Program Manager
b. Chief Information Officer
c. Certification Program Manager
d. Information System Owner
Ans: Information System Owner
Quiz 102. Who has the responsibility to prepare the plan of action and milestones
based on the findings and recommendations of the security assessment report?
a. Security Control Assessor
b. Information System Owner
c. Authorizing Official
d. Information Owner/Steward
Ans: Information System Owner
Quiz 103. You have just completed the Control Analysis step in the NIST SP 800-30
process. What reference would most likely be used to identify controls that are not
documented in the SSP?
a. NIST SP 800-47 Rev 1
b. NIST SP 800-39
c. NIST SP 800-53
d. NIST SP 800-30
Ans: NIST SP 800-53
Quiz 104. In which phase of the NIST SP 800-30 process does one produce the Risk
Assessment Report (RAR)?
a. Future Control Recommendations
b. Control Analysis
c. Impact Analysis
d. Results Documentation
Ans: Results Documentation
Quiz 105. Which phase of the NIST SP 800-30 process would most likely use the
CVE database?
a. Vulnerability Identification
b. Future Control Recommendations
c. Impact Analysis
d. Control Analysis
Ans: Vulnerability Identification
Quiz 106. Ultimately, organizations should view assessment as an information
gathering activity, not as a security producing activity. In accordance with NIST SP
800-53A, which of the following is not produced during security control
assessments?
a. Identify potential problems or shortfalls in the organization's implementation of the
NIST Risk Management Framework
b. Support budgetary decisions and the capital investment process
c. Correct identified weaknesses and deficiencies
d. Support information system authorization decisions
Ans: Correct identified weaknesses and deficiencies. An assessment identifies weaknesses and confirms whether earlier findings have been addressed; correcting them is a separate remediation activity, which is the point of the stem's "information gathering, not security producing" wording. Informing budgetary decisions and the capital investment process is one of the uses of assessment results that NIST SP 800-53A lists.
Quiz 107. Which of the following is an objective of the System Characterization step
under SP 800-30?
a. Establish Data and Information Sensitivity Level
b. Establish Threat and Vulnerability Matrix
c. Establish System Control Framework
d. Establish System Testing Procedures
Ans: Establish Data and Information Sensitivity Level
Quiz 108. In accordance with NIST SP 800-53A, during which phase of the NIST SP
800-64 System Development Lifecycle are security assessments used to increase
confidence or assurance that the security controls are working correctly for a
system?
a. Operation/Maintenance
b. Validation/Assessment
c. Implementation/Assessment
d. Development/Acquisition
Ans: Development/Acquisition
Quiz 109. Which of these is a valid way to mitigate risk?
a. Research and Acknowledgement
b. Conduct Risk Assessment
c. Evaluation and Assurance
d. Proper FISMA reporting