ISC2 Exam CSSLP Topic 10 Question 20 Discussion

Actual exam question for ISC2's Certified Secure Software Lifecycle Professional exam

Question #: 20
Topic #: 10

[All Certified Secure Software Lifecycle Professional Questions]

Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?

ASecurity Accreditation

BInitiation

CContinuous Monitoring

DSecurity Certification

Show Suggested Answer

Suggested Answer: A

The various phases of NIST SP 800-37 C&A are as follows:

Phase 1: Initiation- This phase includes preparation, notification and resource identification. It performs the security plan analysis,

update, and acceptance.

Phase 2: Security Certification- The Security certification phase evaluates the controls and documentation.

Phase 3: Security Accreditation- The security accreditation phase examines the residual risk for acceptability, and prepares the final

security accreditation package.

Phase 4: Continuous Monitoring-This phase monitors the configuration management and control, ongoing security control verification,

and status reporting and documentation.

by Deonna at May 07, 2022, 01:42 PM

Limited Time Offer

25%

Off

Get Premium CSSLP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!