Question 1

Who is responsible for the protection of information when it is shared with or provided to other organizations?

Options :

A : Systems owner

B : Authorizing Official (AO)

C : Information owner

D : Security officer

Answer: C

Question 2

Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?

Options :

A : Make changes following principle and design guidelines.

B : Stop the application until the vulnerability is fixed.

C : Report the vulnerability to product owner.

D : Monitor the application and review code.

Answer: C

Question 3

employee training, risk management, and data handling procedures and policies could be characterized as which type of security measure?

Options :

A : Non-essential

B : Management

C : Preventative

D : Administrative

Answer: D

Question 4

Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?

Options :

A : Authorize IS.

B : Assess security controls.

C : Categorize Information system (IS).

D : Select security controls.

Answer: D

Question 5

Data remanence refers to which of the following?

Options :

A : The remaining photons left in a fiber optic cable after a secure transmission.

B : The retention period required by law or regulation.

C : The magnetic flux created when removing the network connection from a server or personal computer.

D : The residual information left on magnetic storage media after a deletion or erasure.

Answer: D

Higher Test Marks with Free Online CISSP Exam Practice

Buying Options: