Question.46 Assessment procedures can be tailored by:
(A) Working with the System Engineer to determine the system requirement and selecting the most cost-effective controls prior to each security control assessment
(B) Configuring the security controls within the limitations of the optimum operational system configuration
(C) Selecting the assessment methods and objects needed to most cost-effectively make appropriate determinations and to satisfy assessment objectives
(D) Focusing the tests by limiting the tests to areas where the System Owner indicates that risk is either extreme or unknown
Correct Answer : (D) Focusing the tests by limiting the tests to areas where the System Owner indicates that risk is either extreme or unknown
Question.47 The 800-37 process begins control testing in which phase?
(A) Initiation
(B) Verification
(C) Validation
(D) Certification
Correct Answer : (A) Initiation
Question.48 NIST SP 800-30 provides several ways to mitigate risk. Which of the following most closely represents the concept of “Risk Acceptance”?
(A) System Authorization
(B) Avoidance of risky behaviors
(C) System Certification
(D) Control monitoring and assessment
Correct Answer : (A) System Authorization
Question.49 Which of the following is NOT a phase of NIST SP 800-37?
(A) Authorization
(B) Maintenance
(C) Certification
(D) Continuous Monitoring
Correct Answer : (C) Certification
Question.50 What term do FIPS 199 and NIST SP 800-60 use to describe a threat that has a HIGH impact?
(A) Serious
(B) Limited
(C) Moderate
(D) Severe
Correct Answer : (D) Severe