{"id":1031,"date":"2023-02-12T20:28:08","date_gmt":"2023-02-12T20:28:08","guid":{"rendered":"https:\/\/www.goodacademic.com\/blog\/questions\/security-assessment-testing\/"},"modified":"2023-02-12T20:28:08","modified_gmt":"2023-02-12T20:28:08","slug":"security-assessment-testing","status":"publish","type":"questions","link":"https:\/\/www.goodacademic.com\/blog\/questions\/security-assessment-testing\/","title":{"rendered":"SECURITY ASSESSMENT &#038; TESTING"},"content":{"rendered":"<p>1. NIST SP 800-53 covers a vast number and type of security controls throughout the management, operational and ___________ domains. (Fill in the blank).<\/p>\n<p>2. By definition, an assessment is the testing\/evaluation and the extent of: (Choose 3).<\/p>\n<p>Group of answer choices<br \/>\nSecurity Controls<br \/>\nConfidentiality<br \/>\nCorrectly implementing<br \/>\nProducing the desired outcome<br \/>\nInfrastructure<\/p>\n<p>3. The purpose of the risk assessment component is to identify what? (Choose 3).<\/p>\n<p>Group of answer choices<br \/>\nVulnerabilities<br \/>\nLikelihood of harm<br \/>\nRules<br \/>\nThreats<br \/>\nStrategy<\/p>\n<p>4. What law requires all federal agencies to conduct reviews and accreditations for their information systems?<\/p>\n<p>Group of answer choices<br \/>\nFederal Info System Management Act<br \/>\nSarbanes-Oxley Act<br \/>\nUSA Patriot Act<br \/>\nFIPS-197<\/p>\n<p>5. Who approves Federal Information Processing Standards (FIPS)?<\/p>\n<p>Group of answer choices<br \/>\nSecretary of Commerce<br \/>\nDepartment of Defense<br \/>\nPublic Law<br \/>\nCommittee on National Security Systems<br \/>\nCERT<\/p>\n<p>6. Which FIPS addresses the task to develop standards for categorization?<\/p>\n<p>Group of answer choices<br \/>\nFIPS 199<br \/>\nFIPS 202<br \/>\nFIPS 200<br \/>\nFederal Agencies<\/p>\n<p>7. Plans of Action and Milestones (POAMs) contain Weaknesses, Resources, Completion Date, Changes, Current Status, and _______________. 
(Fill in the blank).<\/p>\n<p>8. ICD 503 has many focus points, but for Vulnerability Assessment the initial evaluation and analysis steps conclude with a vulnerability assessment to identify the:<\/p>\n<p>Group of answer choices<br \/>\nResidual Risk<br \/>\nTest<br \/>\nAccess<br \/>\nSystem<\/p>\n<p>9. FedRAMP developed a risk management program focused on security for ______-based systems. (Fill in the blank).<\/p>\n<p>10. In the Risk Management Framework, what is the step after Authorization?<\/p>\n<p>Group of answer choices<br \/>\nMonitoring<br \/>\nPreparation<br \/>\nAssessing<br \/>\nCategorization<\/p>\n<p>11. In the RMF\u2019s Preparation Phase, what requires increased levels of protection in an organization?<\/p>\n<p>Group of answer choices<br \/>\nHigh Value Assets<br \/>\nCybersecurity Initiatives<br \/>\nAuthorization<br \/>\nNetworks<\/p>\n<p>12. In the RMF\u2019s Categorization Phase, choose the documents needed to help complete the goal of Categorization. (Choose 3)<\/p>\n<p>Group of answer choices<br \/>\nBudgets<br \/>\nSystem Security Plans<br \/>\nPotential Impacts from a security compromise<br \/>\nNotes<br \/>\nInterviews<\/p>\n<p>13. When conducting an Assessment, the questions that are answered for controls are: Implemented Correctly, __________________, and Producing the Desired Outcome.<\/p>\n<p>14. The 3 documents included in the Authorization Package are the System Security Plan, the Security Assessment Report, and the:<\/p>\n<p>Group of answer choices<br \/>\nPOAM<br \/>\nContinuous Diagnostic and Mitigation Plan<br \/>\nMaintenance Plan<br \/>\nPersonnel Security Plan<\/p>\n<p>15. If you had conflicting guidance from NIST and Congress\/OMB authorities, which should you follow?<\/p>\n<p>Group of answer choices<br \/>\nCongress\/OMB<br \/>\nNIST<\/p>\n<p>16. Give your description of risk management without quoting NIST 800-37\u2019s definition.<\/p>\n<p>17. 
From the book, Security Controls Evaluation, Testing and Assessment Handbook, 2nd Edition, name 3 statutory or regulatory laws and give a short summary of each one.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. NIST SP 800-53 covers a vast number and type of security controls throughout the management, operational and ___________ domains. (Fill in the blank). 2. By definition, an assessment is the testing\/evaluation and the extent of: (Choose 3). Group of answer choices: Security Controls Confidentiality Correctly implementing Producing the desired outcome Infrastructure 3. The purpose of the [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":[],"disciplines":[211],"paper_types":[],"tagged":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/questions\/1031"}],"collection":[{"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/questions"}],"about":[{"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/types\/questions"}],"author":[{"embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/comments?post=1031"}],"version-history":[{"count":0,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/questions\/1031\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/media?parent=1031"}],"wp:term":[{"taxonomy":"disciplines","embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/disciplines?post=1031"},{"taxonomy":"paper_types","embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/paper_types?post=1031"},{"taxonomy":"tagged","embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/tagged?post=1031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}