EMT Practice Test
1. Question Content...
Question23: Which of the following individuals makes the final accreditation decision?
Question28: What does OCTAVE stand for?
Question43: Which of the following is NOT an objective of the security program?
Question46: In which of the following DIACAP phases is residual risk analyzed?
Question56: Which of the following statements about System Access Control List (SACL) is true?
Question63: In which of the following phases does the SSAA maintenance take place?
Question75: Which of the following statements is true about the continuous monitoring process?
Question83: Which of the following is used throughout the entire C&A process?
Question86: Which of the following NIST documents includes components for penetration testing?
Question88: Which one of the following is the only output for the qualitative risk analysis process?
Question112: Which of the following is NOT a responsibility of a data owner?
Question115: Which of the following is NOT a type of penetration test?
Question119: Which of the following NIST publications defines impact?
Question120: During which of the following processes, probability and impact matrix is prepared?
Question124: Which of the following roles is also known as the accreditor?
Question126: Which of the following statements about role-based access control (RBAC) model is true?
Question144: Which of the following statements correctly describes DIACAP residual risk?
Question159: In which type of access control do user ID and password system come under?
Question160: Which of the following methods of authentication uses finger prints to identify users?
Question169: Which of the following is the acronym of RTM?
Question172: Which of the following relations correctly describes residual risk?
Question180: Which of the following RMF phases is known as risk analysis?
Question181: What does RTM stand for?
Question184: What is the objective of the Security Accreditation Decision task?
Question187: Which of the following is NOT considered an environmental threat source?
Question195: Which of the following is not a part of Identify Risks process?
Question209: Which of the following is a risk that is created by the response to another risk?
Question217: Which of the following is NOT an objective of the security program?
Question224: Which of the following RMF phases is known as risk analysis?
Question247: In which of the following DITSCAP phases is the SSAA developed?
Question257: Where can a project manager find risk-rating rules?
Question258: Which of the following relations correctly describes total risk?
Question260: Which of the following statements is true about residual risks?
Question266: Which types of project tends to have more well-understood risks?
Question275: Which of the following individuals makes the final accreditation decision?
Question278: Which of the following individuals is responsible for the final accreditation decision?
Question292: In which of the following phases does the SSAA maintenance take place?
Question294: During which of the following processes, probability and impact matrix is prepared?
Question297: Which of the following parts of BS 7799 covers risk analysis and management?
Question299: Which of the following NIST documents defines impact?
Question303: Which of the following NIST documents defines impact?
Question306: Which of the following C&A professionals plays the role of an advisor?
Question317: Which of the following is NOT an objective of the security program?
Question334: Which of the following individuals is responsible for the final accreditation decision?
Question340: In which type of access control do user ID and password system come under?
Question361: Which of the following are the types of assessment tests addressed in NIST SP 800-53A?