
ISC2 CSSLP Exam - Topic 10 Question 20 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 20
Topic #: 10

Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?

Suggested Answer: A

The various phases of NIST SP 800-37 C&A are as follows:

Phase 1: Initiation - This phase includes preparation, notification and resource identification. It performs the security plan analysis, update, and acceptance.

Phase 2: Security Certification - The security certification phase evaluates the controls and documentation.

Phase 3: Security Accreditation - The security accreditation phase examines the residual risk for acceptability, and prepares the final security accreditation package.

Phase 4: Continuous Monitoring - This phase monitors the configuration management and control, ongoing security control verification, and status reporting and documentation.


Contribute your Thoughts:

Lizette
4 months ago
I agree, Security Accreditation is where they wrap it all up!
upvoted 0 times
Tu
4 months ago
Wait, are we sure about that? Sounds a bit off.
upvoted 0 times
Darci
4 months ago
Yeah, Security Accreditation makes sense for final packages.
upvoted 0 times
Theron
4 months ago
I thought it was Security Certification, but I guess not.
upvoted 0 times
Donte
5 months ago
It's definitely the Security Accreditation phase!
upvoted 0 times
Tawanna
5 months ago
I feel like Security Accreditation is the right answer, but I can’t recall the specifics of why it’s different from the Certification phase.
upvoted 0 times
Janine
5 months ago
I’m a bit confused; I thought Continuous Monitoring was more about ongoing assessments rather than finalizing anything.
upvoted 0 times
Mila
5 months ago
I remember practicing a question like this, and I think it was about Security Accreditation preparing the final package.
upvoted 0 times
Glenna
5 months ago
I think the phase that deals with residual risk is the Security Certification, but I'm not entirely sure.
upvoted 0 times
Shaniqua
5 months ago
I'm a bit confused by the wording of the question. Is it asking about enabling automatic tuning at the server level or the database level? The options seem to be a mix of server and database-level actions, so I'll need to double-check the requirements.
upvoted 0 times
Taryn
5 months ago
The question is a bit confusing with all the IP address details. I'll need to read through it carefully to make sure I understand the right command to use.
upvoted 0 times
Jose
5 months ago
I'm leaning towards HR managers as the best answer. They provide important support functions without being directly involved in the core operations. But I'm not 100% sure, so I'll have to double-check my notes to be certain.
upvoted 0 times
Francesco
5 months ago
Ah, I remember learning about this in class. Removing or adding a field with a default is considered a forward schema evolution, since it's compatible with existing data.
upvoted 0 times