
[2024年08月]更新のCGRC問題集で時間限定!無料アクセスせよ!
CGRC問題集で2024年最新のISC CGRC試験問題
質問 # 22
NIST guidance classifies security controls as
Response:
- A. Production, development, and test.
- B. Technical, Operational, Management.
- C. People, process, and technology
- D. System specific, common, and hybrid.
正解:B
質問 # 23
Which NIST SP series document is concerned with continuous monitoring for federal information systems and organizations?
Response:
- A. SP 800-144
- B. SP 800-64
- C. SP 800-26
- D. SP 800-137
正解:D
質問 # 24
Which NIST SP describes various sensitivity rankings for federal systems; Guide for Developing Security Plans for Federal Info Systems?
Response:
- A. NIST SP 800-19
- B. NIST SP 800-20
- C. NIST SP 800-18
- D. NIST SP 800-15
正解:C
質問 # 25
Which of the following is NOT an objective of the security program? Response:
- A. Security plan
- B. Information classification
- C. Security education
- D. Security organization
正解:A
質問 # 26
Which of the following are the common roles with regard to data in an information classification program?
Each correct answer represents a complete solution. Choose all that apply.
Response:
- A. Security auditor
- B. User
- C. Owner
- D. Editor
- E. Custodian
正解:A、B、C、E
質問 # 27
An effective continuous monitoring program can be used to meet the ___________ publication's requirements for security risk assessment Response:
- A. FIPS PUB 299
- B. FIPS PUB 300
- C. FIPS PUB 150
- D. FIPS PUB 200
正解:C
質問 # 28
Colvine Tech implemented security cameras, door locks, and light bulbs to protect its systems from threats. What is the function of security cameras?
Response:
- A. deterrent control
- B. detective control
- C. preventive control
- D. corrective control
正解:B
質問 # 29
Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media? Response:
- A. DAA
- B. RTM
- C. ATM
- D. CRO
正解:B
質問 # 30
A security assessment plan comprises of all of the following except one Response:
- A. Rules of engagement
- B. Scope
- C. Recommendations for remediation
- D. Methodology
正解:C
質問 # 31
What is the first SDLC phase; which maps to the first two RMF steps (Categorization, Select Controls)? Response:
- A. Disposition
- B. Initiation
- C. Implementation
- D. Categorization
正解:B
質問 # 32
"The authorization for the system or the common control is approved or denied" is an an outcome of which of the ensuing tasks?
Response:
- A. Authorization package
- B. Authorization decision
- C. Risk response
- D. Authorization reporting
正解:B
質問 # 33
In what step of the RMF process would you create the SSP? Response:
- A. Step 2 (Recommendations)
- B. Step 1 (Categorization)
- C. Step 4 (Determination)
- D. Step 3 (Mitigation)
正解:B
質問 # 34
What is verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
Response:
- A. Verification
- B. Categorization
- C. Organizational
- D. Authentication
正解:D
質問 # 35
Which of the following RMF phases is known as risk analysis? Response:
- A. Phase 0
- B. Phase 2
- C. Phase 1
- D. Phase 3
正解:B
質問 # 36
Security controls that can support multiple information systems efficiently and effectively as a common capability.
Their implementation results in a security capability that is inheritable by multiple information systems; such as Network boundary defense, management constraints, personnel security, security of physical structures, etc..
Response:
- A. Security Controls
- B. Common Controls Provider
- C. Inherited Control
- D. Common Controls
正解:D
質問 # 37
Which of the following individuals is responsible for ensuring the security posture of the organization's information system?
Response:
- A. Authorizing Official
- B. Chief Information Officer
- C. Security Control Assessor
- D. Common Control Provider
正解:A
質問 # 38
What is FIPS 199?
Response:
- A. Data for Security definition for Federal Information and Information Systems
- B. Standards for Security Categorization of Federal Information and Information Systems
- C. Terminology for Security Categorization for Federal Information and Information Systems
- D. Law for Security Categorization of Federal Information and Information Systems
正解:B
質問 # 39
Which if the following is an example of the test assessment method? Response:
- A. Conducting a vulnerability scan on web applications
- B. Reviewing the most recent scan reports
- C. Asking administrators about the scanning process
- D. Reading vulnerability scan policies and procedures
正解:A
質問 # 40
Which of the following BEST defines the purpose of security assessment? Response:
- A. To perform oversight and monitor the security controls in the information system (IS)
- B. To determine if the remaining known vulnerability pose an acceptable level of risk
- C. To determine the extent to which the security controls are implemented correctly and operating as intended
- D. To perform initial risk estimate and security categorization of the information system (IS)
正解:C
質問 # 41
Site-specific controls are typically implemented by an organization as what type of controls?
Response:
- A. System specific controls
- B. Hybrid controls
- C. Common controls
- D. Technical controls
正解:C
質問 # 42
......
ISC CGRC試験実践テスト問題:https://jp.fast2test.com/CGRC-premium-file.html