Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.
Response:

• A.System Security Authorization
• B.National Security System
• C.Information System Owner
• D.Information Security Policy

Comment: *

Name: *

Email: *

Verification: *

All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected best defines:
Response:

• A.Creditation Boundary
• B.Authorization Boundary
• C.System Boundary
• D.Network Boundary

Comment: *

Name: *

Email: *

Verification: *

What type of testing is the Evaluation thru operation, movement, or adjustment under specific conditions to determine control success?
Response:

• A.Organization
• B.Demonstration
• C.Inspection
• D.Examination

Comment: *

Name: *

Email: *

Verification: *

A System Owner (SO) is implementing a new system with their existing organization Information Technology (IT) environment. What objectives are considered when determining possible impact to risk? Response:

• A.Common, Hybrid, and System-Specific
• B.Low, Moderate, and High
• C.Integrity, Confidentiality, and Availability
• D.Authentication, Authorization, and Accountability

Comment: *

Name: *

Email: *

Verification: *

A major subdivision or component of an information system consisting of information, information technology, and personnel that perform one or more specific functions.
Response:

• A.Fix system
• B.Closed system
• C.Subsystem
• D.Open system

Comment: *

Name: *

Email: *

Verification: *