Question 1

Which of the following best describes the benefits of using automation to support control assessments in the context of an information security program?

Options :

A : Automation completely eliminates the need for manual control assessments and human intervention

B : Automation reduces the time and effort required for control assessments by providing continuous monitoring and real-time reporting

C : Automation ensures that all security controls are implemented flawlessly, with no room for error

D : Automation guarantees that all assessed security controls will receive the highest possible effectiveness rating

Answer: B

Question 2

What are the types of authorization decisions that can be given by an authorizing official? Select all that apply.

Options :

A : Authorization to operate

B : Interim authorization to operate

C : Common control authorization

D : Authorization to use

E : Denial of authorization

Answer: A,C,D,E

Question 3

During what phase of the SDLC does authorization reporting for new systems take place?

Options :

A : Operations/Maintenance

B : Development/Acquisition

C : Implementation/Assessment

D : Initiation (concept/requirements definition)

Answer: C

Question 4

True or False: During control selection, all controls may be specialized with tailoring.

Options :

A : TRUE

B : FALSE

Answer: B

Question 5

What NIST special publication provides guidance on continuous monitoring?

Options :

A : NIST SP 800-53

B : NIST SP 800-37

C : NIST SP 800-137

D : NIST SP 800-160

Answer: C