Which of the following system security policies is used to address specific issues of concern to the organization?
Response:

• A.Issue-specific policy
• B.System-specific policy
• C.Informative policy
• D.Program policy

Comment: *

Name: *

Email: *

Verification: *

You are the Risk Analyst for Colvine Tech consulting. A new system user just asked you when risk assessments should be conducted in the system development life cycle. What will be the best answer? Response:

• A.Throughout the system development life cycle
• B.In the initiation phase
• C.Implementation/Assessment phase
• D.In the operations and maintenance phase

Comment: *

Name: *

Email: *

Verification: *

Which of the following NIST Special Publication documents provides a guideline on network security testing?
Response:

• A.NIST SP 800 53
• B.NIST SP 800 37
• C.NIST SP 800 42
• D.NIST SP 800 53A

Comment: *

Name: *

Email: *

Verification: *

Which of the following objectives are defined by integrity in the C.I.A triad of information security systems? Each correct answer represents a part of the solution. Choose three.
Response:

• A.It preserves the internal and external consistency of information.
• B.It prevents the unauthorized or unintentional modification of information by the authorized users.
• C.It prevents the intentional or unintentional unauthorized disclosure of a message's contents .
• D.It prevents the modification of information by the unauthorized users.

Comment: *

Name: *

Email: *

Verification: *

Updating the security plan, security assessment report, and POAM based on results of the continuous monitoring process is what task in RMF Step 6, Monitor.
Response:

• A.Task 3, key updates
• B.Task 2, key updates
• C.Task 4, key updates
• D.Task 1, key updates

Comment: *

Name: *

Email: *

Verification: *