CISSP-ISSEP · Question #198
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete soluti
The correct answer is A. High B. Medium C. Low. FIPS 199 defines three potential impact levels for federal information and information systems: Low, Moderate, and High - which maps to choices A and C being correct. However, this question contains a notable error: choice B ("Medium") is marked correct while D ("Moderate") is ma
Question
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.
Options
- AHigh
- BMedium
- CLow
- DModerate
How the community answered
(49 responses)- A94% (46)
- D6% (3)
Explanation
FIPS 199 defines three potential impact levels for federal information and information systems: Low, Moderate, and High - which maps to choices A and C being correct. However, this question contains a notable error: choice B ("Medium") is marked correct while D ("Moderate") is marked wrong, which is the opposite of actual FIPS 199 terminology. The standard explicitly uses the term "Moderate" - not "Medium" - as the middle tier. If you encounter this question on a real exam, be aware that the answer key as presented here is factually incorrect; the real FIPS 199 triad is Low, Moderate, High (choices A, C, D).
Memory tip: Think of traffic lights - Low (green), Moderate (yellow), High (red) - three levels, and the middle one is "Moderate," not "Medium." If your exam uses "Medium," it's a poorly written question; the authoritative NIST/FIPS terminology always uses "Moderate."
Topics
Community Discussion
No community discussion yet for this question.