nerdexam
(ISC)2

CAP · Question #193

In which of the following Risk Management Framework (RMF) phases is a risk profile created for threats?

The correct answer is C. Phase 2. In the RMF phasing model referenced by this exam, Phase 2 is the risk assessment phase where threats and vulnerabilities are analyzed and a risk profile is constructed for the organization or system. Phase 0 typically covers pre-RMF preparation (scoping and initiation), Phase 1 c

Selection and Approval of Framework, Security, and Privacy Controls

Question

In which of the following Risk Management Framework (RMF) phases is a risk profile created for threats?

Options

  • APhase 3
  • BPhase 1
  • CPhase 2
  • DPhase 0

How the community answered

(23 responses)
  • B
    4% (1)
  • C
    96% (22)

Explanation

In the RMF phasing model referenced by this exam, Phase 2 is the risk assessment phase where threats and vulnerabilities are analyzed and a risk profile is constructed for the organization or system. Phase 0 typically covers pre-RMF preparation (scoping and initiation), Phase 1 covers system categorization and initial security planning, and Phase 3 covers ongoing authorization and monitoring activities. The risk profile - which maps identified threats to their likelihood and potential impact - is a Phase 2 deliverable that informs control selection decisions.

Topics

#RMF Phases#Risk Profile#Threat Identification#Control Selection

Community Discussion

No community discussion yet for this question.

Full CAP Practice