[2024年08月]更新のCGRC問題集で時間限定!無料アクセスせよ! [Q22-Q42]

Share

[2024年08月]更新のCGRC問題集で時間限定!無料アクセスせよ!

CGRC問題集で2024年最新のISC CGRC試験問題

質問 # 22
NIST guidance classifies security controls as
Response:

  • A. Production, development, and test.
  • B. Technical, Operational, Management.
  • C. People, process, and technology
  • D. System specific, common, and hybrid.

正解:B


質問 # 23
Which NIST SP series document is concerned with continuous monitoring for federal information systems and organizations?
Response:

  • A. SP 800-144
  • B. SP 800-64
  • C. SP 800-26
  • D. SP 800-137

正解:D


質問 # 24
Which NIST SP describes various sensitivity rankings for federal systems; Guide for Developing Security Plans for Federal Info Systems?
Response:

  • A. NIST SP 800-19
  • B. NIST SP 800-20
  • C. NIST SP 800-18
  • D. NIST SP 800-15

正解:C


質問 # 25
Which of the following is NOT an objective of the security program? Response:

  • A. Security plan
  • B. Information classification
  • C. Security education
  • D. Security organization

正解:A


質問 # 26
Which of the following are the common roles with regard to data in an information classification program?
Each correct answer represents a complete solution. Choose all that apply.
Response:

  • A. Security auditor
  • B. User
  • C. Owner
  • D. Editor
  • E. Custodian

正解:A、B、C、E


質問 # 27
An effective continuous monitoring program can be used to meet the ___________ publication's requirements for security risk assessment Response:

  • A. FIPS PUB 299
  • B. FIPS PUB 300
  • C. FIPS PUB 150
  • D. FIPS PUB 200

正解:C


質問 # 28
Colvine Tech implemented security cameras, door locks, and light bulbs to protect its systems from threats. What is the function of security cameras?
Response:

  • A. deterrent control
  • B. detective control
  • C. preventive control
  • D. corrective control

正解:B


質問 # 29
Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media? Response:

  • A. DAA
  • B. RTM
  • C. ATM
  • D. CRO

正解:B


質問 # 30
A security assessment plan comprises of all of the following except one Response:

  • A. Rules of engagement
  • B. Scope
  • C. Recommendations for remediation
  • D. Methodology

正解:C


質問 # 31
What is the first SDLC phase; which maps to the first two RMF steps (Categorization, Select Controls)? Response:

  • A. Disposition
  • B. Initiation
  • C. Implementation
  • D. Categorization

正解:B


質問 # 32
"The authorization for the system or the common control is approved or denied" is an an outcome of which of the ensuing tasks?
Response:

  • A. Authorization package
  • B. Authorization decision
  • C. Risk response
  • D. Authorization reporting

正解:B


質問 # 33
In what step of the RMF process would you create the SSP? Response:

  • A. Step 2 (Recommendations)
  • B. Step 1 (Categorization)
  • C. Step 4 (Determination)
  • D. Step 3 (Mitigation)

正解:B


質問 # 34
What is verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
Response:

  • A. Verification
  • B. Categorization
  • C. Organizational
  • D. Authentication

正解:D


質問 # 35
Which of the following RMF phases is known as risk analysis? Response:

  • A. Phase 0
  • B. Phase 2
  • C. Phase 1
  • D. Phase 3

正解:B


質問 # 36
Security controls that can support multiple information systems efficiently and effectively as a common capability.
Their implementation results in a security capability that is inheritable by multiple information systems; such as Network boundary defense, management constraints, personnel security, security of physical structures, etc..
Response:

  • A. Security Controls
  • B. Common Controls Provider
  • C. Inherited Control
  • D. Common Controls

正解:D


質問 # 37
Which of the following individuals is responsible for ensuring the security posture of the organization's information system?
Response:

  • A. Authorizing Official
  • B. Chief Information Officer
  • C. Security Control Assessor
  • D. Common Control Provider

正解:A


質問 # 38
What is FIPS 199?
Response:

  • A. Data for Security definition for Federal Information and Information Systems
  • B. Standards for Security Categorization of Federal Information and Information Systems
  • C. Terminology for Security Categorization for Federal Information and Information Systems
  • D. Law for Security Categorization of Federal Information and Information Systems

正解:B


質問 # 39
Which if the following is an example of the test assessment method? Response:

  • A. Conducting a vulnerability scan on web applications
  • B. Reviewing the most recent scan reports
  • C. Asking administrators about the scanning process
  • D. Reading vulnerability scan policies and procedures

正解:A


質問 # 40
Which of the following BEST defines the purpose of security assessment? Response:

  • A. To perform oversight and monitor the security controls in the information system (IS)
  • B. To determine if the remaining known vulnerability pose an acceptable level of risk
  • C. To determine the extent to which the security controls are implemented correctly and operating as intended
  • D. To perform initial risk estimate and security categorization of the information system (IS)

正解:C


質問 # 41
Site-specific controls are typically implemented by an organization as what type of controls?
Response:

  • A. System specific controls
  • B. Hybrid controls
  • C. Common controls
  • D. Technical controls

正解:C


質問 # 42
......

ISC CGRC試験実践テスト問題:https://jp.fast2test.com/CGRC-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어