August 2022

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Carla is selecting a hardware security module (HSM) for use by her organization. She is employed by an agency of the U.S. federal government and must ensure that the technology she chooses meets applicable federal standards for cryptographic systems. What publication would best help her determine these requirements?

A. NIST 800-53
B. NIST 800-171
C. Common Criteria
D. FIPS 140-2

Correct Answer: D

This is a tricky question because all of these publications may have some relevance to Carla’s work. NIST 800-53 provides general cybersecurity standards for federal agencies, while NIST 800-171 applies specifically to the use of controlled unclassified information (CUI). The Common Criteria (CC) provide a certification process for hardware and software products. However, the most relevant standard is FIPS 140-2, the Security Requirements for Cryptographic Modules. This guidance is specific to the cryptographic requirements of systems such as HSMs and would provide the most directly relevant guidance.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...