Course Questions and Correct Answers with
Rationale (100% verified answers) Q & A 2026 /
Instant download PDF
1. What is the first step in the NIST RMF process?
A. Authorize system
B. Categorize system
C. Monitor controls
D. Assess controls
Answer: B
Rationale: Of the options listed, Categorize comes first: the system is assigned a FIPS 199 impact level that drives everything that follows. Note that NIST SP 800-37 Rev. 2 (2018) added a Prepare step ahead of Categorize, so on a current exam check whether Prepare is offered as a choice.
2. Which document defines the RMF process?
A. NIST SP 800-53
B. NIST SP 800-37
C. FIPS 199
D. FIPS 140
Answer: B
Rationale: NIST SP 800-37 defines the RMF steps and lifecycle. SP 800-53 is the control catalog the framework draws on, FIPS 199 covers categorization, and FIPS 140 covers cryptographic module validation.
3. What is the purpose of FIPS 199?
A. Control selection
B. System categorization
C. Encryption standards
D. Incident response
Answer: B
Rationale: FIPS 199 defines security categorization: each information type, and then the system as a whole, is rated LOW, MODERATE, or HIGH for each of confidentiality, integrity, and availability, and the system's level per objective is the highest level of any information type it handles.
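The categorization rule FIPS 199 states, worked through in code as an added example (this is not part of the quiz page or of any NIST publication): each information type gets an impact level per security objective, NA is permitted only for confidentiality, the system level per objective is the maximum over its information types with a LOW floor, and the overall system level is the FIPS 200 high-water mark across the three objectives. The information types and their levels below are constructed sample data.

```python
"""FIPS 199 security categorization, worked as an added example.

Not part of the quiz page. Implements the categorization rules FIPS 199
states: each information type gets an impact level (LOW, MODERATE, HIGH;
NA is allowed only for confidentiality) for each security objective, the
system's level per objective is the highest level among its information
types (floored at LOW, since NA cannot be assigned at system level), and
per FIPS 200 the overall system impact is the high-water mark across the
three objectives. The sample information types below are constructed.
"""
from dataclasses import dataclass

LEVELS = {"NA": 0, "LOW": 1, "MODERATE": 2, "HIGH": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InformationType:
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def __post_init__(self):
        for objective in OBJECTIVES:
            level = getattr(self, objective)
            if level not in LEVELS:
                raise ValueError(f"{self.name}: unknown impact level {level!r}")
            # FIPS 199 permits NA only for confidentiality (public information);
            # integrity and availability always carry at least a LOW impact.
            if level == "NA" and objective != "confidentiality":
                raise ValueError(f"{self.name}: NA is not allowed for {objective}")


def security_category(info_types):
    """Per-objective system impact: the maximum over all information types."""
    if not info_types:
        raise ValueError("a system must handle at least one information type")
    category = {}
    for objective in OBJECTIVES:
        highest = max((getattr(t, objective) for t in info_types),
                      key=LEVELS.__getitem__)
        # NA cannot be assigned to a system; FIPS 199 sets the floor at LOW.
        category[objective] = "LOW" if highest == "NA" else highest
    return category


def overall_impact(category):
    """FIPS 200 high-water mark: the highest level across the three objectives."""
    return max(category.values(), key=LEVELS.__getitem__)


def format_sc(category):
    """Render in the FIPS 199 notation: SC = {(confidentiality, X), ...}."""
    return "SC = {" + ", ".join(f"({o}, {category[o]})" for o in OBJECTIVES) + "}"


# Constructed sample: a public portal that also processes internal HR data.
SAMPLE_SYSTEM = [
    InformationType("public press releases", "NA", "MODERATE", "LOW"),
    InformationType("employee schedules", "LOW", "LOW", "LOW"),
    InformationType("payroll records", "MODERATE", "MODERATE", "LOW"),
]

if __name__ == "__main__":
    category = security_category(SAMPLE_SYSTEM)
    print(format_sc(category))
    print("overall impact level:", overall_impact(category))
```

The overall level is what selects the SP 800-53 baseline in the next RMF step; the per-objective category is still worth recording in the SSP, because a MODERATE system whose MODERATE rating comes only from integrity justifies different tailoring than one driven by confidentiality.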
4. What does RMF stand for?
A. Risk Monitoring Framework
B. Risk Management Framework
C. Resource Management Flow
D. Risk Mitigation Function
Answer: B
Rationale: RMF is Risk Management Framework.
5. Which step involves selecting security controls?
A. Categorize
B. Select
C. Monitor
D. Authorize
Answer: B
Rationale: Select follows Categorize: the FIPS 199 impact level determines which SP 800-53 control baseline (published separately as SP 800-53B for Rev. 5) applies, and that baseline is then tailored to the system.
6. What is the purpose of FIPS 200?
A. Define minimum security requirements
B. Encrypt data
C. Audit logs
D. Incident response
Answer: A
Rationale: FIPS 200 specifies minimum security requirements for federal information and systems across 17 security-related areas, and directs agencies to meet them by applying the SP 800-53 baseline that matches the system's FIPS 199 impact level.
7. What is an SSP?
A. Security System Program
B. System Security Plan
C. Security Service Protocol
D. System Safety Policy
Answer: B
Rationale: The System Security Plan describes the authorization boundary and records how each selected control is implemented (or why it is not applicable); it is the main input to the control assessment and to the authorization decision.
8. Who grants the ATO?
A. ISSO
B. Authorizing Official
C. System Admin
D. Auditor
Answer: B
Rationale: The Authorizing Official (AO) is the senior official who formally accepts the residual risk and signs the ATO. The ISSO, system administrators, and assessors inform that decision but cannot grant it.
9. What does ATO mean?
A. Access to Operations
B. Authorization to Operate
C. Assessment Technical Order
D. Audit Tracking Output
Answer: B
Rationale: An ATO is the AO's formal decision that the residual risk is acceptable and the system may operate, usually with conditions and for a set term; continuous monitoring of the controls is what keeps that decision valid.
10. Which step evaluates security controls?