nerdexam
(ISC)2

CISSP-ISSEP · Question #198

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete soluti

The correct answer is A. High B. Medium C. Low. FIPS 199 defines three potential impact levels for federal information and information systems: Low, Moderate, and High - which maps to choices A and C being correct. However, this question contains a notable error: choice B ("Medium") is marked correct while D ("Moderate") is ma

Risk Management

Question

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AHigh
  • BMedium
  • CLow
  • DModerate

How the community answered

(49 responses)
  • A
    94% (46)
  • D
    6% (3)

Explanation

FIPS 199 defines three potential impact levels for federal information and information systems: Low, Moderate, and High - which maps to choices A and C being correct. However, this question contains a notable error: choice B ("Medium") is marked correct while D ("Moderate") is marked wrong, which is the opposite of actual FIPS 199 terminology. The standard explicitly uses the term "Moderate" - not "Medium" - as the middle tier. If you encounter this question on a real exam, be aware that the answer key as presented here is factually incorrect; the real FIPS 199 triad is Low, Moderate, High (choices A, C, D).

Memory tip: Think of traffic lights - Low (green), Moderate (yellow), High (red) - three levels, and the middle one is "Moderate," not "Medium." If your exam uses "Medium," it's a poorly written question; the authoritative NIST/FIPS terminology always uses "Moderate."

Topics

#FIPS 199#Impact levels#Security categorization#C&A

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice