Question 1

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply

Options :

A : Post-certification

B : Post-Authorization

C : Authorization

D : Pre-certification

E : Certification

Answer: A,B,C,D

Question 2

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

Options :

A : NIST

B : Office of Management and Budget (OMB)

C : FIPS

D : FISMA

Answer: B,D

Question 3

Threat modeling is a process used to identify and document what? (Choose all that apply.)

Options :

A : The relationships in the system

B : The threats to a system

C : The mitigating actions that resolve the exposure

D : The system interfaces

Answer: B,C

Question 4

Key process metrics need to be established to enable management to do what? (Choose all that apply.)

Options :

A : Make correct assessments about conditions

B : Determine when to retire the system

C : Assess the outcomes of key activities and actions

D : Analyze the performance of the system

Answer: A,C,D

Question 5

What are the security advantages of virtualization, as described in the NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards"? Each correct answer represents a complete solution. Choose three

Options :

A : It increases capabilities for fault tolerant computing

B : It adds a layer of security for defense-in-depth

C : It decreases exposure of weak software

D : It decreases configuration effort

Answer: A,B,C

Free CSSLP Mock Exam – Practice Online Confidently

Buying Options: