Question

Question 1 (1 point)

NIST SP 800-37 does not address which of the following:

Question 1 options:

Accreditation

Validation

Initiation

Certification

Question 2 (1 point)

Which of the following is not a requirement of OMB A-130?

Question 2 options:

Planning for security

Ensure officials are assigned security responsibilities

Review security controls

FISMA reporting

Question 3 (1 point)

Which statement most accurately defines residual risk?

Question 3 options:

The risk remaining after the implementation of new or enhanced controls

The risk remaining after common controls are implemented

The risk remaining after the risk assessment process

The risk remaining after baseline controls are implemented

Question 4 (1 point)

A collection of information objects that share the same security policy for access is

Question 4 options:

Information domain

Information profile

User domain

User profile

Question 5 (1 point)

FISMA was created by what organization?

Question 5 options:

DISA

Congress

Department of Defense

White House

Question 6 (1 point)

What is necessary in order to determine the appropriate security category?

Question 6 options:

Acceptable loss

Potential impact

Threat vulnerability pair

Cost and benefit of control

Question 7 (1 point)

What is the level of impact if the information label is LOW?

Question 7 options:

No adverse impact on the organization

Severe adverse impact on the organization

Limited adverse impact on the organization

Serious adverse impact on the organization

Question 8 (1 point)

FIPS Pub 199 uses what term when referring to a HIGH impact?

Question 8 options:

Grave

Serious

Critical

Severe

Question 9 (1 point)

Which is not a primary task included in the Information Management Plan (IMP)?

Question 9 options:

Define the Information Protection Policy (IPP)

Define the mission need

Assess effectiveness of system

Define the Information Management Model (IMM)

Question 10 (1 point)

A Target of Evaluation could be described as:

Question 10 options:

The product under evaluation

The protection profile

The security target

The product evaluation method

Question 11 (1 point)

The Information Management Plan (IMP) helps determine

Question 11 options:

System Security Requirements

Information Protection Needs

Information Management Model

Roles and Responsibilities

Question 12 (1 point)

Which of the following identifies the different functions a system will need to perform in order to meet the documented business need?

Question 12 options:

Test scenario

Testing requirements

Functional scenario

Functional requirements

Question 13 (1 point)

Which step is not addressed during the NIST SP 800-60 analysis?

Question 13 options:

Loss of Confidentiality

Loss of Integrity

Loss of Repudiation

Loss of Availability

Question 14 (1 point)

When should the System Design Review (SDR) take place?

Question 14 options:

At the end of the certification phase

At the end of the testing phase

At the end of the design phase

At the end of the architecture phase

Question 15 (1 point)

Which philosophy is established by NSTISSI 7003 Protected Distribution Systems (PDS)?

Question 15 options:

Prevent penetration

Penetration mitigation

Penetration response

Detect penetration

Question 16 (1 point)

DOD Information Systems should only be interconnected under the following circumstances

Question 16 options:

Compelling operational requirements

Demonstrable operational requirements

Approved authorization of interconnected systems

Approved certification of interconnected systems

Question 17 (1 point)

_____ defines the hardware, software, and interfaces used to develop a system.

Question 17 options:

Technical requirements

Functional diagram

System architecture

System baseline

Question 18 (1 point)

Who provides an independent assessment of the security plan?

Question 18 options:

Security Officer

Program Manager

Certification Agent

Security Manager

Question 19 (1 point)

The IATF has three primary elements for defense in depth. Which of the below is not one of these elements?

Question 19 options:

Technology

Policy

People

Operations

Question 20 (1 point)

Which requirement does NIST SP 800-59 tell us is required in order to be defined as a National Security System?

Question 20 options:

Critical to the support of the strategic goals of the United States

Critical to the direct fulfillment of military or intelligence missions

Critical to the support functions of military operations

Critical to national security operations

Question 21 (1 point)

How does FIPS 199 define LOW impact items?

Question 21 options:

Limited

Minor

Moderate

Low

Question 22 (1 point)

The Waterfall design methodology is best described as:

Question 22 options:

Flexibility and rapid development

Better interaction with customers

Most closely matches the IATF

Rigid and clearly defined structure

Question 23 (1 point)

What aspects are taken into account when defining a Mission Assurance Category (MAC)?

Question 23 options:

availability and integrity

sensitivity and importance

confidentiality and availability

confidentiality and integrity

Question 1 options, lettered:

A) Accreditation

B) Validation

C) Initiation

D) Certification

Explanation / Answer

1c

2b

3b

4a

5d

6a

7b

8a

9c

10c

11a

12b

13d

14d

15d

16c

17d

18a

19d

20c

21c

22b

23d