Question 1
Risk transference refers to the transfer of risks to a third party, usually for a fee; it creates a contractual relationship for the third party to manage the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?
Correct answer: D
Question 2
Which of the following types of CNSS issuances describes how to implement the policy or prescribes the manner of a policy?
Correct answer: D
Question 3
You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report.
Which of the following tests will help you to perform the above task?
Correct answer: D
Question 4
During a fingerprint verification process, which of the following is used to verify identity and authentication?
Correct answer: D
Question 5
Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?
Correct answer: B
Question 6
Which of the following configuration management system processes defines which items will be configuration managed, how they are to be identified, and how they are to be documented?
Correct answer: A
Question 7
Certification and Accreditation (C&A or CnA) is a process for implementing information security.
Which of the following is the correct order of C&A phases in a DITSCAP assessment?
Correct answer: D
Question 8
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?
Correct answer: B
Question 9
Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?
Correct answer: A
Question 10
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.
Correct answer: A,B,C,D
Question 11
Which of the following Net-Centric Data Strategy goals are required to increase enterprise and community data over private user and system data? Each correct answer represents a complete solution. Choose all that apply.
Correct answer: C,D
Question 12
Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?
Correct answer: C