EMT Practice Test
1. Question Content...
Question5: What does RTM stand for?
Response:
Question8: What is the purpose of the assess step?
Response:
Question11: What is the purpose of a Privacy impact assessment?
Response:
Question13: The monitoring frequency for each security control is based on which of the following?
Question16: What is the purpose of the monitor step?
Response:
Question20: The registration of the system directly follows which RMF task? Response:
Question40: A security assessment plan comprises of all of the following except one Response:
Question42: During which RMF step is the system security plan initially approved? Response:
Question44: NIST SP 800-53 describes a family of controls as:
Response:
Question57: The primary responsibility to select control assessors rests on which roles? Response:
Question62: Which NIST special publication is the guide on continuous monitoring? Response:
Question71: An effective continuous monitoring program can be used to Response:
Question82: The person primarily responsible for RMF Step 1, Categorization.
Response:
Question83: What is the four-step security categorization process?
Response:
Question91: What are the three tools necessary for managing the inventory program? Response:
Question94: The Organization Level (Tier 1) strategy addresses/requires........
Response:
Question107: The emphasis of the revised NIST SP 800-37 process is on.............
Response:
Question110: Which of the following is NOT a responsibility of a data owner? Response:
Question129: What are five primary roles associated with the system authorization program? Response:
Question132: Step 7 of the risk management framework can be described as:
Response:
Question133: In which of the following phases does the change management process start? Response:
Question157: Which of the following NIST documents defines impact?
Response:
Question163: Any deviations from the Security Assessment plan should be________? Response:
Question167: What does SC stand for regarding Information Types?
Response:
Question168: In which type of access control do user ID and password system come under? Response:
Question179: Which of the following statements is true about residual risks? Response:
Question182: What is the purpose for scoping guidance?
Response:
Question188: What does avoidance mean with respect to risk response?
Response:
Question202: To help review or design security controls, they can be classified by several criteri
Question206: What are the four business areas of BRM?
Response:
Question208: Which of the following relations correctly describes total risk? Response:
Question211: What is the objective of the Security Accreditation Decision task? Response:
Question215: What are information system?
Response:
Question223: What is Step 6?
Response:
Question232: Which of the following is NOT an objective of the security program? Response:
Question236: Where can a project manager find risk-rating rules?
Response:
Question238: During which RMF step is the system security plan (SP) approved? Response:
Question241: The authorization boundary of a system undergoing assessment comprises of:
Response:
Question245: Change management is initiated under which phase?
Response:
Question246: Step 6 of the risk management framework can be described as:
Response:
Question249: Which of the following is the acronym of RTM?
Response:
Question251: Which of the following statements correctly describes DIACAP residual risk? Response:
Question252: Which of the following is not a risk factor as stated in NIST SP 800-37? Response:
Question255: An agreement that allows two organizations to back up each other.
Response:
Question259: Interrelationships of system authorization processes.
Response:
Question263: What is FIPS 199?
Response:
Question272: Which of the following best defines a general support system? Response:
Question275: What is NIST SP 800-37 R1?
Response:
Question279: Security testing conducted from inside the organization's security perimeter.
Response:
Question285: What's another term that is synonymous with a common control? Response:
Question286: Which of the following details best define an independent assessor? Response: