nerdexam
ExamsCSSLPQuestions#43
(ISC)2(ISC)2

CSSLP · Question #43

CSSLP Question #43: Real Exam Question with Answer & Explanation

The correct answer is B: Low. FIPS 199 defines impact levels for information systems, and a "Low" impact level signifies limited adverse effects on organizational operations, assets, or individuals. This classification helps in determining appropriate security controls.

Secure Software Concepts

Question

FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

Options

  • AModerate
  • BLow
  • CMedium
  • DHigh

Explanation

FIPS 199 defines impact levels for information systems, and a "Low" impact level signifies limited adverse effects on organizational operations, assets, or individuals. This classification helps in determining appropriate security controls.

Common mistakes.

  • A. Moderate impact indicates serious adverse effects, not limited.
  • C. Medium is not a standard FIPS 199 impact level; FIPS 199 uses Low, Moderate, and High.
  • D. High impact indicates severe or catastrophic adverse effects, far beyond limited.

Concept tested. FIPS 199 impact levels

Reference. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf

Topics

#FIPS 199#Impact Levels#Risk Assessment#Security Categorization

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CSSLP PracticeBrowse All CSSLP Questions