Hard · 1 mark · Multiple Choice
CPA · Question 35 · Area II: Security
In the context of NIST SP 800-53, what does the term 'Control Baseline' refer to?
Answer options:
A. The current state of controls before any improvements.
B. A set of minimum security controls defined for a low, moderate, or high impact information system.
C. The maximum budget allowed for security.
D. A list of all possible controls in the catalog.
How to approach this question
NIST SP 800-53 uses 'Baselines' (Low, Moderate, High) to tell agencies which controls to pick.
Full Answer
B. A set of minimum security controls defined for a low, moderate, or high impact information system. ✓ Correct
NIST SP 800-53 provides three security control baselines (Low, Moderate, High). These are pre-defined sets of controls intended to protect systems based on their impact level.
Common mistakes
Confusing baseline with the full catalog.