Q1
The authorization decision document conveys the final security authorization decision from the
authorizing official to the information system owner. The authorization decision document
contains all of the following information except? Authorization decision Terms and conditions for
the authorization Approving revisions to the SSAA Authorization termination date
Answer: Authorization decision
Q2
Security categorization of an National Security System must consider the security categories of
all information types resident on it. True False True
Answer: True
Q3
NIST SP 800 53A defines three types of interview depending on the level of assessment
conducted. Which of the following NIST SP 800 53A interviews consists of informal and ad hoc
interviews? Substantial Abbreviated Comprehensive Significant Abbreviated
Answer: Substantial
Q4
How many steps are defined in the RMF process? Three Four Six Five Six
Answer: Three
Q5
In which type of access control do user ID and password system come under?
Answer: Physical
Q6
Why would the authorization decision issue a determination of Not Authorized?
Answer: If the system is not authorized (NA) to process classified
, Q7
What assessment procedure is designed to work with and complement the assessment
procedures to contribute to the grounds for confidence in the
Answer: complement the assessment
Q8
When does monitoring security controls take place? Before the initial system certification After
the initial system security authorization Before and after the initial system security
accreditation During the system design phase After the initial system security authorization
Answer: Before the initial system certification
Q9
Which of the following professionals plays the role of a monitor and takes part in the
organizations configuration management process? Senior Agency Information Security Officer
Authorizing Official Common Control Provider Chief Information Officer
Answer: configuration management process?
Q10
What is the potential impact if the loss of confidentiality, integrity, or availability could be
expected to have a severe or catastrophic adverse effect on organizational operations,
organizational assets, individuals, other organizations, or the national security interests of the
United States? Low Moderate Severe High
Answer: Low
Q11
Identify risks associated to location. Create an RTM.
Answer: Collect agency information and security metrics specific to the system.
Q12
Which of the following governance bodies directs and coordinates implementations of the
information security program?
Answer: Chief Information Security Officer