(ISC)2

CGRC · Question #116

CGRC Question #116: Real Exam Question with Answer & Explanation

The correct answer is C: FIPS PUB 150. The question asks which FIPS publication relates to security risk assessment requirements that an effective continuous monitoring program can help meet.

Compliance Maintenance

Question

An effective continuous monitoring program can be used to meet the ___________ publication's requirements for security risk assessment.

Options

  • A. FIPS PUB 200
  • B. FIPS PUB 300
  • C. FIPS PUB 150
  • D. FIPS PUB 299

Explanation

The question asks which FIPS publication relates to security risk assessment requirements that an effective continuous monitoring program can help meet.

Common mistakes.

  • A. FIPS PUB 200 establishes minimum security requirements, not specific risk assessment requirements in the way the question implies.
  • B. FIPS PUB 300 does not exist as a NIST publication.
  • D. FIPS PUB 299 does not exist as a NIST publication.

Concept tested. Understanding relevant FIPS publications for continuous monitoring and risk assessment.

Topics

#Continuous Monitoring #Security Risk Assessment #FIPS Publications #Compliance Requirements
