SFPC Risk Management Framework 2

Question 1

What is the primary purpose of the NIST Risk Management Framework (RMF)?

Accepted Answer

To provide a structured process for integrating security and privacy risk management into the system development lifecycle

Answer

To manage financial investment risk

Answer

To certify software products

Answer

To train cybersecurity professionals

Question 2

What is 'system categorization' in the NIST RMF?

Accepted Answer

Determining the impact level of a system based on the sensitivity of the information it processes and the potential impact of a security breach

Answer

Organizing computer systems by make and model

Answer

Classifying systems by their operating system type

Answer

Identifying systems that need software updates

Question 3

What is an 'authorization boundary' in the context of the NIST RMF?

Accepted Answer

The defined scope of what is included in a system for security authorization purposes

Answer

A physical fence around a data center

Answer

A type of network firewall

Answer

The limit on the number of authorized users

Question 4

What is a 'Plan of Action and Milestones' (POA&M) in the RMF context?

Accepted Answer

A document identifying security weaknesses in a system with planned remediation actions and target completion dates

Answer

A project management timeline

Answer

A security authorization document

Answer

A system inventory document

Question 5

What is the 'continuous monitoring' step in the NIST RMF designed to accomplish?

Accepted Answer

Maintaining ongoing awareness of the security posture of a system to support risk management decisions

Answer

Continuously monitoring employee productivity

Answer

Monitoring system performance metrics only

Answer

Conducting annual security assessments

Question 6

What is an 'Authority to Operate' (ATO) in the RMF process?

Accepted Answer

An official management decision granting permission to operate an information system at an acceptable level of risk

Answer

A general employee authorization form

Answer

A certificate of system functionality

Answer

A type of software license