Official (ISC)2® Guide to the CAP® CBK®, Second Edition, 2nd Edition by Patrick D. Howard

Appendix V: Answers to Review Questions

Domain 1

  1. During which Risk Management Framework (RMF) step is the system security plan initially approved?

    A. RMF Step 1 Categorize Information System

    B. RMF Step 2 Select Security Controls

    C. RMF Step 3 Implement Security Controls

    D. RMF Step 5 Authorize Information System

    Answer is B.

    The system security plan is first approved by the authorizing official or AO designated representative during execution of RMF Step 2, Task 2-4: Security Plan Approval. See: CAP® CBK® Chapter 2, Task 2-4: Approval Security Plan; NIST SP 800-37, Revision 1, RMF Step 2, Task 2-4: Security Plan Approval.

  2. Which organizational official is responsible for the procurement, development, integration, modification, operation, maintenance, ...
