Question 1

A large organization has recently implemented a new system to manage its financial transactions. The system includes several components, such as a database server, web server, and application server, which are all connected to a local network. The organization's IT team has configured the system according to best practices and security policies and has performed several security assessments to ensure its compliance. However, the organization's security team wants to implement continuous monitoring of the system configurations to enhance its security posture. What is the main benefit of implementing continuous monitoring of the system configurations in the scenario described above?

Options :

A : To identify any vulnerabilities or misconfigurations in the system that could lead to security breaches

B : To ensure that the system is operating at optimal performance and efficiency

C : To provide a comprehensive view of the organization-s security posture

D : To eliminate the need for periodic security assessments and audits

Answer: A

Question 2

What are the objectives of the Prepare step in the NIST RMF framework?

Options :

A : Facilitating better communication between senior leaders and executives at the organization and mission and business process levels and system owners

B : Facilitating organization-wide identification of common controls and the development of organizationally tailored control baselines, reducing the workload on individual system owners and the cost of system development and asset protection

C : Reducing the complexity of the information technology and operations technology infrastructure using enterprise architecture concepts and models to consolidate, optimize, and standardize organizational systems, applications, and services

D : Ensuring that the implemented security controls continue to provide the intended level of protection for the information system and its data throughout the system-s lifecycle.

E : Identifying, prioritizing, and focusing resources on the organizationâ€™s high-value assets and high impact systems that require increased levels of protection and taking steps commensurate with the risk to such assets.

Answer: A,B,C,E

Question 3

Which of the following statements about OMB Circular A-130 is true?

Options :

A : It provides guidance on cybersecurity risk management for federal information systems.

B : It requires organizations to use the RMF to manage privacy risks.

C : It is applicable only to federal agencies in the United States.

D : It does not cover the management of federal information resources.

Answer: B

Question 4

What is the main purpose of system categorization?

Options :

A : Determine if the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization.

B : Inform organizational risk management processes and tasks by determining the adverse impact with respect to the loss of confidentiality, integrity, and availability of systems and the information processed, stored, and transmitted by those systems

C : Carry out essential activities to help prepare all levels of the organization to manage its security and privacy risks using the RMF

D : Maintain ongoing situational awareness about the security and privacy posture of the system and organization to support risk management decisions

Answer: B

Question 5

Which of the following is the best example of a common control?

Options :

A : A security policy that is tailored to a specific information system

B : A system administrator who is responsible for the security of a specific information system

C : A firewall that is used to protect multiple information systems

D : A security assessment that is conducted for a specific information system

Answer: C

Free CGRC Mock Exam – Practice Online Confidently

Buying Options: