1.NIST SP 800-53 covers a vast number and type of security controls throughout the management, operational and ___________ domains. (Fill in the blank).
2. By definition an assessment is the testing/evaluation and the extent of: (Choose 3).
Group of answer choicesSecurity Controls
Confidentiality
Correctly implementing
Producing the desired outcome
Infrastructure
3. The purpose of the risk assessment component is to identify what? (Choose 3).
Group of answer choicesVulnerabilities
Likelihood of harm
Rules
Threats
Strategy
4. What law that was passed requires all federal agencies to conduct reviews and accreditations for their information systems?
Group of answer choicesFederal Info System Management Act
Sarbanes-Oxley Act
USA Patriot Act
FIPS-197
5. Who approves Federal Information Processing Standards (FIPS)?
Group of answer choicesSecretary of Commerce
Department of Defense
Public Law
Committee on National Security Systems
CERT
6. Which FIPS addresses the task to develop standards for categorization?
Group of answer choicesFIPS 199
FIPS 202
FIPS 200
Federal Agencies
7. Plans of Action and Milestones (POAMS) contain Weaknesses, Resources, Completion Date, Changes, Current Status, and _______________. (Fill in the blank).
8. The ICD 503 has many focus points but for Vulnerability Assessment the initial evaluation analysis steps conclude with a vulnerability assessment to identify the?
Group of answer choicesResidual Risk
Test
Access
System
9. FedRAMP developed risk management program focused on security for ______-based systems. (Fill in the blank).
10. In the Risk Management Framework, the step after Authorization is?
Group of answer choicesMonitoring
Preparation
Assessing
Categorization
11. In the RMF’s Preparation Phase, what requires increased levels of protection in an organization?
Group of answer choicesHigh Value Assets
Cybersecurity Initiatives
Authorization
Networks
12. In the RMF’s Categorization Phase, choose the documents needed to help complete the goal of Categorization. (Choose 3)
Group of answer choicesBudgets
System Security Plans
Potential Impacts from a security compromise
Notes
Interviews
13. When conducting an Assessment, the questions that are answered for controls are: Implemented Correctly, __________________, and Producing the Desired Outcome.
14. The 3 documents included in the Authorization Package are the System Security Plan, Security Assessment Report and the?
Group of answer choicesPOAM
Continuous Diagnostic and Mitigation Plan
Maintenance Plan
Personnel Security Plan
15. If you had conflicting guidance by NIST and Congress/OMB authorities, which should you follow?
Group of answer choicesCongress/OMB
NIST
No answer text provided.
No answer text provided.
16.Give your description of risk management without quoting NIST 800-37’s definition.
17. From the book, Security Controls Evaluation, Testing and Assessment Handbook, 2nd Edition, name 3 statutory or regulatory laws and tell a short summary about each one.