Question.21 Security Control Assessment tries to determine if the controls are (A) Selected from NIST SP 800-53 (B) In compliance with NIST SP 800-37 Rev 1 (C) Producing the desired results (D) Meeting the requirements from the Information Management Model (IMM)
Correct Answer : (C) Producing the desired results
Question.22 Which of the following terms are used in NIST SP 800-60 to describe information that would have a serious impact on the operation of the organization if confidentiality were breached? (A) Moderate because it concerns Confidentiality (B) High because it concerns Personally Identifiable Information (PII) (C) Moderate because it concerns data sensitivity (D) High because it concerns Confidentiality
Correct Answer : (A) Moderate because it concerns Confidentiality
Question.23 What is the minimum frequency at which periodic testing and evaluation of the effectiveness of policies should be done? (A) Quarterly in accordance with (IAW) FISMA (B) Every three years IAW OMB A-130 (C) Whenever the System Authorization process is ongoing (D) Annually
Correct Answer : (D) Annually
Question.24 Which of the following is NOT required to be part of the System Security Plan (SSP) as described in NIST SP 800-37 Rev 1? (A) Incident Response Plan (B) SCP/Continuity of Operations Plan (C) Security Awareness Plan (D) Privacy Impact Assessment
Correct Answer : (C) Security Awareness Plan
Question.25 NIST SP 800-53A describes assessment objects as specific items to be assessed and includes all of the following EXCEPT: (A) Mechanisms (B) Activities (C) Individuals (D) Requirements
Correct Answer : (D) Requirements