| Question.36 What does NIST SP 800-39 provide as the two factors affecting trustworthiness of an information system? (A) Security functionality and security assurance (B) Security functionality and user awareness training (C) Risk management and user awareness training (D) Risk analysis and security assurance |
36. Click here to View Answer
Correct Answer : (A) Security functionality and security assurance
| Question.38 Which of the following should be the MAIN consideration when establishing a trust relationship between two information systems? (A) System Security Plan (B) Security Assessment Report (C) Plan of Action and Milestones (D) Business/Mission needs |
38. Click here to View Answer
Correct Answer : (D) Business/Mission needs
| Question.39 Who provides an independent assessment of the system security plan? (A) Risk Analyst (B) Authorization Advocate (C) Security Control Assessor (D) Certification Program Manager |
39. Click here to View Answer
Correct Answer : (C) Security Control Assessor
| Question.40 Who is responsible for identifying mission and operational requirements? (A) Authorizing Official (B) Authorization Advocate (C) Information System Owner (D) Security Control Assessor |
40. Click here to View Answer
Correct Answer : (A) Authorizing Official