Question 1

The purpose of the asset identification task is to identify assets that require protection. Which of the following is not a potential input for this task?

Options :

A : Internal stakeholders

B : System information

C : System security plan

D : Business impact analysis

Answer: C

Question 2

In the prepare step of the NIST RMF, which of the following should be established to ensure an effective risk management process?

Options :

A : A communication process for risk-related information

B : A continuous monitoring strategy

C : A system security plan

D : An incident response plan

Answer: A

Question 3

Which of the following is NOT typically included in the system registration process in the NIST RMF?

Options :

A : System identification information, such as the system name and owner

B : The security categorization of the system

C : Organizational policy on system registration

D : The selection and implementation of security controls for the system

Answer: D

Question 4

During what phase of the SDLC does authorization reporting for new systems take place?

Options :

A : Operations/Maintenance

B : Development/Acquisition

C : Implementation/Assessment

D : Initiation (concept/requirements definition)

Answer: C

Question 5

Ratio Corp is in the process of selecting security controls for a new information system. Which of the following is NOT a valid control selection method according to NIST guidelines?

Options :

A : Using a risk-based approach to determine the appropriate controls

B : Selecting controls based solely on cost-effectiveness

C : Implementing controls that are required by law, regulation, or policy

D : Adopting controls that are consistent with industry standards and best practices

Answer: B

Free CGRC Mock Exam – Practice Online Confidently

Buying Options: