answered already passed
C - Pass, fail - correct answer ✔✔Test Results should be shown as "meeting standards" or "not
meeting standards"; or in short ________, _______.
A - Good, bad
B - Yes, no
C - Pass, fail
D - True, false
C - Host - correct answer ✔✔The Assessment Test plan, once developed, is submitted to
__________ for approval.
Choose one:
A - Team Lead
B - Guest
C - Host
D - System Owner
A - Technical - correct answer ✔✔Under which type of access control does a user ID and
password system fall?
Choose one:
A - Technical
B - Power
C - Physical
D - Administrative
B - Residual risk - correct answer ✔✔A key part of the risk-based decision process is the
recognition that, regardless of the risk response, there remain some risks known as:
Choose one:
A - Risk mitigation
B - Residual risk
C - Risk analysis
D - Risk tolerance level
D-The remediated controls are reassessed - correct answer ✔✔What is the MOST appropriate
action to take after weaknesses or deficiencies in controls are corrected?
Choose one:
A - The system is given an Authority to Operate (ATO)
B - The original assessment results are changed
C - The assessment report is generated
D - The remediated controls are reassessed
C-CONFIDENTIALITY, INTEGRITY and AVAILABILITY - correct answer ✔✔The FISMA defines three
security objectives for information and information systems:
Choose one:
A - AVAILABILITY, AUTHENTICITY and CONFIDENTIALITY
B - INTEGRITY, AVAILABILITY and AUTHENTICITY
C - CONFIDENTIALITY, INTEGRITY and AVAILABILITY
D - AUTHENTICITY, CONFIDENTIALITY and INTEGRITY
C - Task 1 - correct answer ✔✔Information System and Environment Changes (determining the
security impact of proposed or actual changes to the information system and its environment of
operation) is Task _____ in RMF Step 7, monitoring of controls.
Choose one:
A - Task 3
B - Task 2
C - Task 1
D - Task 4
C-EXAMINE - correct answer ✔✔All of the following except one are assessment objects.
Choose one:
A - Mechanisms
B - Activities and individuals
C - Examine
D - Specifications
D-NIST SP 800-37 - correct answer ✔✔Which publication primarily targets activities in Tier 3 of
Risk Management approach/pyramid?
Choose one:
A - NIST SP 800-53
B - NIST SP 800-38
C - NIST SP 800-53A
D - NIST SP 800-37
A-Common Control Provider (CCP) - correct answer ✔✔An organizational official responsible for
the development, implementation, assessment, and monitoring of security controls inherited by
information systems is called...
Choose one:
A-Common Control Provider (CCP)
B-Information System Owner (ISO)
C-Information System Security Engineer (ISSE)
D-Chief Information Officer (CIO)
1 - System Characterization
2 - Threat identification
3 - Vulnerability Identification
4 - Control Analysis
5 - Likelihood Determination
6 - Impact Analysis
7 - Risk Determination
8 - Control Recommendation
9 - Results Documentation - correct answer ✔✔What are the nine steps of Risk Assessment
Methodology?
B-Implementation phase - correct answer ✔✔Authorization to process should occur during
what phase of the SDLC?
Choose one:
A-Threat Identification
B-Implementation phase
C-Vulnerability Identification
D-Risk Determination
B-Recommendations for control remediations - correct answer ✔✔The final Security
Assessment Report (SAR) should contain findings from the security control assessment and
which of the following?
Choose one:
A-Security control assessment plan