최신 CGRC 무료덤프 - ISC Certified in Governance Risk and Compliance

문제1

Risks with low ratings of probability and impact are included on a ____ for future monitoring.
Response:

A. Observation list

B. Risk register

C. Watchlist

D. Risk alarm

정답: C

문제2

A SCAP specification for communicating the characteristics of vulnerabilities and measuring their relative severity.
Response:

A. Disaster Recovery Plan (DRP)

B. Common Vulnerability and Exposures (CVE)

C. Common Vulnerability Scoring System (CVSS)

D. Continuity of Operations Plan (COOP)

정답: C

문제3

The change control board team at Colvine Tech has determined the security impact of proposed changes to an application, what would be the team's next action? Response:

A. Assess a selected subset of the security controls employed within and inherited by the application in accordance with the organization-defined monitoring strategy.

B. Update the SSP, SAR, and POA&Ms based on the results of the change control board's security impact analysis.

C. Prepare the POA&Ms based on the findings and recommendations of the security assessment report excluding any remediation actions taken.

D. Prepare the SAR documenting the issues, findings, and recommendations from the security control assessment.

정답: B

문제4

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?
Response:

A. NSA-IAM

B. ASSET

C. NIACAP

D. DITSCAP

정답: C

문제5

Which of the following components ensures that risks are examined for all new proposed change requests in the change control system?
Response:

A. Configuration management

B. Risk monitoring and control

C. Scope change control

D. Integrated change control

정답: D

문제6

According to the Risk Management Framework (RMF), which role has a primary responsibility to report the security status of the information system to the authorizing official (AO) and other appropriate organizational officials on an ongoing basis in accordance with the monitoring strategy? Response:

A. Independent assessor

B. Senior information assurance officer (SIAO)

C. Information system security officer (ISSO)

D. Common control provider

정답: C

문제7

Overlays can be implemented as part of control tailoring. In which step of the assessment and authorization process is control tailoring done?
Response:

A. Select step

B. Risk Assessment

C. Privacy Impact Assessment (PIA) Step

D. Security Categorization

정답: A

문제8

Another term used to refer to a Security Controls Assessment or security review; is? Response:

A. Evaluation

B. Security Test (ST)

C. Security Test & Evaluation (ST&E)

D. Security Control

정답: C

문제9

A set of specifications for a system, or Configuration Item (CI) within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.
Response:

A. Configuration Management

B. System Configuration

C. Baseline Configuration

D. Software Configuration

정답: C

문제10

The Software Development Life-Cycle phase that maps to RMF Step 2 (select controls), Task 4, SP Approval?
Response:

A. Criticality/Sensitivity

B. Development/Acquisition

C. Mission/business process

D. Operation/Maintenance

정답: B

문제11

Which of the following statements correctly describes DIACAP residual risk? Response:

A. It is the remaining risk to the information system after risk palliation has occurred.

B. It is used to validate the information system.

C. It is a process of security authorization.

D. It is the technical implementation of the security design.

정답: A

문제12

Which of the following control families belongs to the management class of security controls?
Response:

A. Configuration management

B. Media Protection

C. Access Control

D. System & Service Acquisition

정답: D

문제13

What are the three classifications for security controls for information systems? Response:

A. System-Custom Controls.
Regular Controls.
Hybrid Controls.

B. System-Common Controls.
Regular Controls.
Hybrid Controls.

C. System-Specific Controls.
Common Controls.
Hybrid Controls.

D. System-Security Controls.
Common Controls.
Hybrid Controls.

정답: C

문제14

Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?
Response:

A. Authorizing Official

B. Senior Agency Information Security Officer

C. Common Control Provider

D. Chief Information Officer

정답: C

최신 CGRC 무료덤프 - ISC Certified in Governance Risk and Compliance

우리와 연락하기

유용한 링크

최신 업데이트