Question.6 Who procures, develops, integrates, or modifies an information system? (A) Program Manager (B) Chief Information Officer (C) Certification Program Manager (D) Information System Owner
Answer: D
Question.7 Who has the responsibility to prepare the plan of action and milestones based on the findings and recommendations of the security assessment report? (A) Security Control Assessor (B) Information System Owner (C) Authorizing Official (D) Information Owner/Steward
Answer: B
Question.8 You have just completed the Control Analysis step in the NIST SP 800-30 process. What reference would most likely be used to identify controls that are not documented in the SSP? (A) NIST SP 800-47 Rev 1 (B) NIST SP 800-39 (C) NIST SP 800-53 (D) NIST SP 800-30
Correct Answer: C
Question.9 In which phase of the NIST SP 800-30 process does one produce the Risk Assessment Report (RAR)? (A) Future Control Recommendations (B) Control Analysis (C) Impact Analysis (D) Results Documentation
Correct Answer: D, Results Documentation
Question.10 Which phase of the NIST SP 800-30 process would most likely use the CVE database? (A) Vulnerability Identification (B) Future Control Recommendations (C) Impact Analysis (D) Control Analysis
Correct Answer: A, Vulnerability Identification