Question.31 NIST SP 800-18 Rev 1, Guide for Developing Security Plans, states that the purpose of a security plan is to provide an overview of the system requirements, and: (A) The controls in place (B) Security operations to ensure it passes certification (C) How configuration from phase three of the System Authorization process will be maintained (D) The ongoing assessment of system security operations
Correct Answer : (A) The controls in place
Question.32 The goals of NIST SP 800-39 include all the following EXCEPT? (A) Foster an organizational climate where the risk from information systems is automatically considered on a system by system basis (B) Encourage senior leaders to recognize the importance of engaging in the management of risk (C) Help individuals with information system implementation and operational responsibilities understand how the information security issues associated with their systems translate into organizational security concerns (D) Encourage senior leaders to understand the role of information security in managing overall organization risk
Correct Answer : (A) Foster an organizational climate where the risk from information systems is automatically considered on a system by system basis
Question.33 Which phase of the System Security Development Lifecycle follows the Development / Acquisition phase? (A) Operation/Maintenance (B) Initiation/Disposal (C) Implement / Assessment (D) Customer Acceptance
Correct Answer : (A) Operation/Maintenance
Question.34 Title III of the E-Government Act, known as the Federal Information Security Management Act (FISMA), states that effective information security programs include: (A) Periodic assessment of risk (B) Users, Rules, and Responsibilities that ensure all compliance requirements are met (C) An Information Protection Policy (IPP) (D) Security awareness training to inform personnel (except contractors) of the information security risks associated with their activities and their responsibilities in complying with the organization's policies and procedures
Correct Answer : (A) Periodic assessment of risk
Question.35 In accordance with NIST SP 800-39, what follows the Implement Security Controls step? (A) Select Security Controls (B) Authorize Information Systems (C) System Risk Assessment (D) Assess Security Controls
Correct Answer : (D) Assess Security Controls