3 Cards in this Set
Question 1
What C&A guidance document identifies common security controls applicable to federal information systems?
A. NIST SP 800-30
B. NIST SP 800-37
C. NIST SP 800-26
D. FIPS 199
Answer: B
Rationale: SP 800-30 (option A) is the risk management guide, SP 800-26 (option C) is the security self-assessment guide, and FIPS 199 (option D) is a standard for security categorization of federal information and information systems.
Question 2
What NIST document contains the recommended security controls for federal information systems?
A. NIST SP 800-30
B. NIST SP 800-37
C. NIST SP 800-53
D. NIST SP 800-26
Answer: C
Rationale: SP 800-30 is the risk management guide, SP 800-37 is the C&A guide, and SP 800-26 is the security self-assessment guide.
Question 1
A primary focus of the ISSE process is to ________________.
A. Identify the information protection needs
B. Educate systems engineers on availability, integrity, and confidentiality
C. Ensure information systems are designed and developed with functional relevance
D. Design information systems that will meet the certification and accreditation documentation
Answer: A
Rationale: The focus of the process is to first identify the information protection needs and then to use a process-oriented approach to identify security risks and subsequently to minimize or contain those risks.