Which of the following phases of NIST SP 800-37 C&A methodology will define the above task
Della works as a security engineer for BlueWell Inc. She wants to establish configuration
management and control procedures that will document proposed or actual changes to the
information system. Which of the following phases of NIST SP 800-37 C&A methodology will
define the above task
Which of the following types of CNSS issuances establishes or describes policy and programs, provides authorit
Which of the following types of CNSS issuances establishes or describes policy and programs,
provides authority, or assigns responsibilities
Which of the following individuals is an upper-level manager who has the power and capability to evaluate the
Which of the following individuals is an upper-level manager who has the power and capability to
evaluate the mission, business case, and budgetary needs of the system while also considering
the security risks
Which of the following rated systems of the Orange book has mandatory protection of the TCB
Which of the following rated systems of the Orange book has mandatory protection of the TCB
Which of the following categories of system specification describes the technical requirements that cover a se
Which of the following categories of system specification describes the technical requirements that
cover a service, which is performed on a component of the system
Which of the following DITSCAPNIACAP model phases is used to show the required evidence to support the DAA in
Which of the following DITSCAPNIACAP model phases is used to show the required evidence to
support the DAA in accreditation process and conclude in an Approval To Operate (ATO)
Which of the following is a 1996 United States federal law, designed to improve the way the federal government
Which of the following is a 1996 United States federal law, designed to improve the way the
federal government acquires, uses, and disposes information technology
Choose all that apply
An Authorizing Official plays the role of an approver. What are the responsibilities of an
Authorizing Official Each correct answer represents a complete solution. Choose all that apply.
Which of the following areas of information system, as separated by Information Assurance Framework…
Which of the following areas of information system, as separated by Information Assurance
Framework, is a collection of local computing devices, regardless of physical location, that are
interconnected via local area networks (LANs) and governed by a single security policy
Which of the following individuals informs all C&A participants about life cycle actions, security require
Which of the following individuals informs all C&A participants about life cycle actions, security
requirements, and documented user needs