CISSP PRACTICE QUESTIONS – 20220107

Effective CISSP Questions

Which of the following should be identified or determined first when implementing the NIST Risk Management Framework? (Wentz QOTD)
A. The system-specific risks
B. The assessor or assessment team
C. The impact of the information system in question
D. The high watermark of the impact of Information types

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. The system-specific risks.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

When implementing the RMF, the first step is to “prepare” to execute the RMF from an organization- and a system-level perspective by establishing a context and priorities for managing security and privacy risk.

  • The task “a system-level risk assessment is completed or an existing risk assessment is updated” is a system-level task performed in the “Prepare” step.
  • The high watermark of the impact of information types and the impact of the information system in question are determined in the “Categorize System” step.
  • The assessor or assessment team is determined in the “Assess Controls” step.
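The “Categorize System” step mentioned above applies the FIPS 199 high water mark: for each security objective (confidentiality, integrity, availability), the system's impact level is the highest level assigned to any information type it processes, and the overall system impact level is the highest of the three objectives. The following is an added example, not part of the original post; the information types and their impact levels are constructed for illustration and are not taken from SP 800-60.

```python
# Added example (not from the original post): FIPS 199 high water mark
# categorization, as performed in the RMF "Categorize System" step.
from typing import Dict, Iterable, Tuple

# Impact levels in ascending order; the index gives the ordering.
LEVELS = ("low", "moderate", "high")
OBJECTIVES = ("confidentiality", "integrity", "availability")

# Constructed sample input: provisional impact levels per information type.
# These values are illustrative only, not from SP 800-60.
SAMPLE_INFO_TYPES: Dict[str, Dict[str, str]] = {
    "public web content":     {"confidentiality": "low",      "integrity": "moderate", "availability": "moderate"},
    "customer PII":           {"confidentiality": "moderate", "integrity": "moderate", "availability": "low"},
    "financial transactions": {"confidentiality": "moderate", "integrity": "high",     "availability": "moderate"},
}


def high_water_mark(levels: Iterable[str]) -> str:
    """Return the highest impact level in `levels`, rejecting unknown values."""
    levels = list(levels)
    if not levels:
        raise ValueError("no impact levels supplied")
    for level in levels:
        if level not in LEVELS:
            raise ValueError(f"unknown impact level: {level!r}")
    return max(levels, key=LEVELS.index)


def categorize_system(info_types: Dict[str, Dict[str, str]]) -> Tuple[Dict[str, str], str]:
    """Compute the system security category and overall impact level.

    Per objective, the system level is the high water mark across all
    information types; the overall level is the high water mark across
    the three objectives (FIPS 199 section 3).
    """
    if not info_types:
        raise ValueError("a system must process at least one information type")
    category = {
        objective: high_water_mark(levels[objective] for levels in info_types.values())
        for objective in OBJECTIVES
    }
    overall = high_water_mark(category.values())
    return category, overall


def format_security_category(category: Dict[str, str]) -> str:
    """Render the category in the FIPS 199 notation SC = {(objective, IMPACT), ...}."""
    pairs = ", ".join(f"({obj}, {category[obj].upper()})" for obj in OBJECTIVES)
    return f"SC = {{{pairs}}}"


if __name__ == "__main__":
    sc, overall = categorize_system(SAMPLE_INFO_TYPES)
    print(format_security_category(sc))
    print("overall system impact level:", overall.upper())
```

In the sample, “financial transactions” alone drives integrity to HIGH, which in turn makes the whole system a high-impact system; that is the point of the high water mark, and why categorization must precede control selection in the RMF.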

When implementing the NIST Risk Management Framework (RMF), which of the following should be determined first? (Wentz QOTD)
A. System-specific risks
B. The assessor or assessment team
C. The impact of the information system in question
D. The high watermark of the impact of information types
