NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?
Suggested Answer: Explanation: Abbreviated interview consists of informal and ad hoc interviews. Answer: D is incorrect. Substantial interview consists of informal and structured
in NIST SP 800-53A.
The answer is C. Abbreviated.
NIST SP 800-53A is a security and privacy control assessment guideline published by NIST. According to this guideline, there are three types of interviews that may be conducted during an assessment:
1. Abbreviated Assessment – An abbreviated assessment consists of informal and ad hoc interviews with key personnel to determine whether controls are implemented.
2. Basic Assessment – A basic assessment involves structured interviews with a sample of system users, which assesses the level of compliance with policies and procedures.
3. Comprehensive Assessment – A comprehensive assessment includes structured interviews with stakeholders representing all functional areas included in the scope of testing specified in the security plan.
An abbreviated interview is informal and ad hoc where one can ask questions informally on different aspects for control implementation while assessing software applications or systems developed under software engineering principles to ensure their proper functionality and protection against possible cyber threats or attacks.
upvoted 1 times
74gjd_37
5 months, 2 weeks ago