According to NIST SP 800-37 Rev 2, which role has a primary responsibility to report the security status of the information system to the authorizing official (OA) and other appropriate organizational officials on an ongoing basis in accordance with the monitoring strategy?
Response:

• A.Senior information assurance officer
• B.Independent assessor
• C.Common control provider
• D.Information system security officer

Comment: *

Name: *

Email: *

Verification: *

Which of the following in an assessment plan protects the security control assessment team from liability should the security control assessment result in unforeseen damage? Response:

• A.Non-invasive testing
• B.Vulnerability scans
• C.Manual testing
• D.Rules of engagement

Comment: *

Name: *

Email: *

Verification: *

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs? Response:

• A.Continuity of Operations Plan
• B.Business continuity plan
• C.Disaster recovery plan
• D.Contingency plan

Comment: *

Name: *

Email: *

Verification: *

Governing document that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems.
Response:

• A.Concrete Criteria
• B.Abstract Criteria
• C.Evaluation Criteria
• D.Common Criteria

Comment: *

Name: *

Email: *

Verification: *

Which of the following components ensures that risks are examined for all new proposed change requests in the change control system?
Response:

• A.Scope change control
• B.Risk monitoring and control
• C.Integrated change control
• D.Configuration management

Comment: *

Name: *

Email: *

Verification: *