CAP Security Controls and Authorization

Question 1

What are the three security control baselines defined in NIST SP 800-53B?

Accepted Answer

Low, Moderate, High

Answer

NIST SP 800-53B defines Low, Moderate, and High baselines corresponding to the FIPS 199 impact categories.

Question 2

Which security control family in NIST SP 800-53 addresses access control?

Accepted Answer

AC

Answer

The AC (Access Control) family contains controls governing who can access systems, data, and functions.

Question 3

Control tailoring in NIST SP 800-53 allows organizations to do which of the following?

Accepted Answer

Adjust baseline controls to meet specific operational needs

Answer

Tailoring lets organizations add, remove, or modify baseline controls to fit their unique environment and risk tolerance.

Question 4

Which NIST SP 800-53 control family specifically addresses audit and accountability?

Accepted Answer

AU

Answer

The AU (Audit and Accountability) family includes controls for logging, audit record retention, and review of audit logs.

Question 5

What is a compensating security control?

Accepted Answer

An alternative control providing equivalent protection when the primary control cannot be implemented

Answer

A compensating control provides an equivalent level of protection when the baseline control is not feasible to implement as specified.

CAP - Certified Accreditation Professional Practice Test