CGRC 무료 덤프문제 온라인 액세스

Organizations implement safeguards and countermeasures to protect information resources from risks. One of the following is an administrative safeguard family implemented by the management of an organization.
Response:

• A.FIPS 199 and NIST SP 800-37
• B.Certification and accreditation
• C.Ecryption and integrity checks
• D.Implementation and Assessment

The emphasis of the revised NIST SP 800-37 process is on.............
Response:

• A.Maintaining awareness of the security posture of information systems through the application of
  "enhanced monitoring processes."
• B.Building information security controls into government information systems by applying up-to-date management, operational and technical security controls.
• C.Providing senior leaders essential information to facilitate decision making with regard to risk acceptance.
• D.Creating secured environment to provide guidance to individuals involved in security information systems
• E.Developing leadership to use, analyze and manage technical security of government information systems

In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur? Response:

• A.Phase 2
• B.Phase 3
• C.Phase 4
• D.Phase 1

Interrelationships of system authorization processes.
Response:

• A.1. System Security Authorization Project Planning.
  2. System Inventory Process.
  3. Assess Sensitivity and Criticality
  4. Develop System Security Plan
  5. Coordinate Security for Interconnected Systems.
  6. Apply Minimum Security Baselines.
  7. Assess Risk
  8. Develop Security Procedures
  9. Conduct Certification Testing
  10. Plan for Remediation
  11. Create System Authorization Documentation
  12. Document the Accreditation Decision
• B.1. System Security Authorization Project Planning.
  2. System Inventory Process.
  3. Assess Sensitivity and Criticality
  4. Develop System Security Plan
  5. Create System Authorization Documentation
  6. Document the Accreditation Decision
  7. Assess Risk
  8. Apply Minimum Security Baselines.
  9. Develop Security Procedures
  10. Conduct Certification Testing
  11. Coordinate Security for Interconnected Systems.
  12. Plan for Remediation
• C.1. Coordinate Security for Interconnected Systems.
  2. Apply Minimum Security Baselines.
  3. Assess Risk
  4. Develop Security Procedures
  5. Document the Accreditation Decision
  6. System Inventory Process.
  7. Create System Authorization Documentation
  8. Develop System Security Plan
  9. Conduct Certification Testing
  10. System Security Authorization Project Planning.
• D.1. Conduct Certification Testing
  2. Plan for Remediation
  3. Create System Authorization Documentation
  4. Document the Accreditation Decision
  5. System Inventory Process.
  6. Coordinate Security for Interconnected Systems.
  7. Assess Risk
  8. Develop System Security Plan
  9. System Security Authorization Project Planning.
  10. Apply Minimum Security Baselines.

One of the main objectives of testing is to avoid ______________ of normal operations.
Response:

• A.Stand still
• B.Defend
• C.Disruption
• D.Orderliness