Question 1

Which of the following tasks are included in the categorize step of the NIST RMF process? (Select all that apply.)

Options :

A : Defining the system-s operational context and environment

B : Identifying and documenting the system-s hardware and software components

C : Evaluating the potential impact of a system security breach

D : Selecting and implementing appropriate security controls for the system

E : Determining the system-s risk tolerance and security categorization

Answer: B,E

Question 2

Which of the following is the MOST challenging aspect of asset identification in the context of information security risk management?

Options :

A : Identifying all assets within the organization-s network

B : Determining the value of each asset in terms of its importance to the organization

C : Identifying and categorizing assets based on their criticality to the organization-s operations

D : Determining the level of risk associated with each asset

Answer: A

Question 3

Which of the following is the best example of a common control?

Options :

A : A security policy that is tailored to a specific information system

B : A system administrator who is responsible for the security of a specific information system

C : A firewall that is used to protect multiple information systems

D : A security assessment that is conducted for a specific information system

Answer: C

Question 4

A small organization has limited resources and is struggling to implement all of the necessary NIST SP 800-53 security controls. Which of the following is the BEST approach for the organization?

Options :

A : Implement only those controls that are required by regulation or policy

B : Implement only those controls that are relevant to the organization-s risk management strategy

C : Implement only those controls that are easy to implement

D : Outsource the implementation of all security controls to a third-party vendor

Answer: B

Question 5

During what phase of the SDLC does authorization reporting for new systems take place?

Options :

A : Operations/Maintenance

B : Development/Acquisition

C : Implementation/Assessment

D : Initiation (concept/requirements definition)

Answer: C

Higher Test Marks with Free Online CGRC Exam Practice

Buying Options: