Question 1

DEF Corporation is considering the implementation of a new software application. What is the role of security requirements in the SDLC?

Options :

A : To ensure that the software application is reliable and performs as intended

B : To identify and mitigate security risks associated with the software application

C : To design the software application and its features

D : To test the software application for defects and errors

Answer: B

Question 2

True or False: Risk response is the final step in the NIST Risk Management Framework and involves implementing security controls to address identified risks.

Options :

A : TRUE

B : FALSE

Answer: B

Question 3

During the security controls assessment phase, the security control assessor at Ratio Corp is responsible for testing the effectiveness of the security controls. Which of the following is the most important consideration when conducting security control testing?

Options :

A : The number of security controls implemented

B : The potential risks to the information system

C : The availability of skilled personnel to conduct the testing

D : The number of positive reviews of the implemented controls

Answer: B

Question 4

Security controls are assessed for a number of reasons. Which of the following are reasons for assessing security controls? Select all that apply.

Options :

A : To ensure that the security and privacy controls for managing risk are in place and producing the desired outcomes

B : To satisfy legal and regulatory requirements and avoid paying a fine.

C : To provide a good source of KPIs to senior management.

D : To provide the authorizing official with the information needed to make an authorization decision

E : To maintain ongoing situational awareness about the security and privacy posture of the system and organization to support risk management decisions

Answer: A,D

Question 5

What are the objectives of the Prepare step in the NIST RMF framework?

Options :

A : Facilitating better communication between senior leaders and executives at the organization and mission and business process levels and system owners

B : Facilitating organization-wide identification of common controls and the development of organizationally tailored control baselines, reducing the workload on individual system owners and the cost of system development and asset protection

C : Reducing the complexity of the information technology and operations technology infrastructure using enterprise architecture concepts and models to consolidate, optimize, and standardize organizational systems, applications, and services

D : Ensuring that the implemented security controls continue to provide the intended level of protection for the information system and its data throughout the system-s lifecycle.

E : Identifying, prioritizing, and focusing resources on the organizationâ€™s high-value assets and high impact systems that require increased levels of protection and taking steps commensurate with the risk to such assets.

Answer: A,B,C,E

Confidently Practice Online with Free CGRC Exam Cram

Buying Options: