A countermeasure or safeguard that is implemented in an informational system in part as a common control and in part as a system-specific control Response:

• A.System Specific control
• B.Common control
• C.Logical control
• D.Hybrid control

Comment: *

Name: *

Email: *

Verification: *

One of the inputs to the risk determination task is the employment of risk assessments to provide information that may influence the risk analysis and risk determination. What publication provides guidance on conducting risk assessments?
Response:

• A.NIST SP 800-37
• B.NIST SP 800-30
• C.NIST SP 800-59
• D.NIST SP 800-39

Comment: *

Name: *

Email: *

Verification: *

What is the purpose for scoping guidance?
Response:

• A.To establish the high water mark as part of FIPS 199 analysis
• B.To establish which controls will not be part of the baseline
• C.To allow senior management to establish and express their guidance on tailoring the security control baseline
• D.To establish the organizationally defined security parameters

Comment: *

Name: *

Email: *

Verification: *

Which of the following is principally used to verify that Information Systems (IS) are meeting their stated security goals and objectives?
Response:

• A.System Plan (SP)
• B.Risk Assessment (RA)
• C.Requirements Traceability Matrix (RTM)
• D.Security Control Assessor

Comment: *

Name: *

Email: *

Verification: *

What does SC stand for regarding Information Types?
Response:

• A.Standards Categorization
• B.Simple Categorization
• C.Security Categorization
• D.System Categorization

Comment: *

Name: *

Email: *

Verification: *