CAP · Question #193
In which of the following Risk Management Framework (RMF) phases is a risk profile created for threats?
The correct answer is C. Phase 2. In the RMF phasing model referenced by this exam, Phase 2 is the risk assessment phase where threats and vulnerabilities are analyzed and a risk profile is constructed for the organization or system. Phase 0 typically covers pre-RMF preparation (scoping and initiation), Phase 1 c
Question
In which of the following Risk Management Framework (RMF) phases is a risk profile created for threats?
Options
- APhase 3
- BPhase 1
- CPhase 2
- DPhase 0
How the community answered
(23 responses)- B4% (1)
- C96% (22)
Explanation
In the RMF phasing model referenced by this exam, Phase 2 is the risk assessment phase where threats and vulnerabilities are analyzed and a risk profile is constructed for the organization or system. Phase 0 typically covers pre-RMF preparation (scoping and initiation), Phase 1 covers system categorization and initial security planning, and Phase 3 covers ongoing authorization and monitoring activities. The risk profile - which maps identified threats to their likelihood and potential impact - is a Phase 2 deliverable that informs control selection decisions.
Topics
Community Discussion
No community discussion yet for this question.