Question 1

Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?

Options :

A : System Owner

B : Information Systems Security Officer (ISSO)

C : Designated Approving Authority (DAA)

D : Chief Information Security Officer (CISO)

Answer: C

Question 2

Which of the following Registration Tasks sets up the system architecture description, and describes the C&A boundary?

Options :

A : Registration Task 3

B : Registration Task 4

C : Registration Task 2

D : Registration Task 1

Answer: B

Question 3

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

Options :

A : High

B : Medium

C : Low

D : Moderate

Answer: A,B,C

Question 4

Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code?

Options :

A : Type I cryptography

B : Type II cryptography

C : Type III (E) cryptography

D : Type III cryptography

Answer: B

Question 5

Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?

Options :

A : Security Certification

B : Security Accreditation

C : Initiation

D : Continuous Monitoring

Answer: D