Appendix V: Answers to Review Questions

Domain 1

  1. During which Risk Management Framework (RMF) step is the system security plan initially approved?

    A. RMF Step 1 Categorize Information System

    B. RMF Step 2 Select Security Controls

    C. RMF Step 3 Implement Security Controls

    D. RMF Step 5 Authorize Information System

    Answer is B.

    The system security plan is first approved by the authorizing official or AO designated representative during execution of RMF Step 2, Task 2-4: Security Plan Approval.

    See: CAP® CBK® Chapter 2, Task 2-4: Approval Security Plan; NIST SP 800-37, Revision 1, RMF Step 2, Task 2-4: Security Plan Approval.

  2. Which organizational official is responsible for the procurement, development, integration, modification, operation, maintenance, ...
