ISC2 CSSLP Exam - Topic 6 Question 58 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 58
Topic #: 6

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

Suggested Answer: B

NIST SP 800-26 (Security Self-Assessment Guide for Information Technology Systems) provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives.

Answers A, E, C, D, and F are incorrect. NIST has developed a suite of documents for conducting Certification & Accreditation (C&A). These documents are as follows:

NIST Special Publication 800-37: This document is a guide for the security certification and accreditation of Federal Information Systems.

NIST Special Publication 800-53: This document provides a guideline for security controls for Federal Information Systems.

NIST Special Publication 800-53A: This document consists of techniques and procedures for verifying the effectiveness of security controls in Federal Information Systems.

NIST Special Publication 800-59: This document is a guideline for identifying an information system as a National Security System.

NIST Special Publication 800-60: This document is a guide for mapping types of information and information systems to security objectives and risk levels.


Contribute your Thoughts:

Billy
4 months ago
800-26 is also a good guess, but I lean towards 53A.
upvoted 0 times
...
Noel
4 months ago
Wait, are we sure about 800-53A? Sounds too specific.
upvoted 0 times
...
Jaclyn
4 months ago
I agree, 800-53A is the right one!
upvoted 0 times
...
Nettie
4 months ago
Definitely not 800-37, that's for risk management!
upvoted 0 times
...
Zena
4 months ago
I think it's NIST SP 800-53A.
upvoted 0 times
...
Glory
5 months ago
I thought NIST SP 800-53 was more about the controls themselves rather than evaluation methods, so I'm leaning towards SP 800-53A.
upvoted 0 times
...
Ernie
5 months ago
NIST SP 800-53A sounds familiar for checklists, but I also feel like SP 800-37 was mentioned in a similar context during our practice sessions.
upvoted 0 times
...
Johana
5 months ago
I remember studying NIST SP 800-26 for compliance, but I can't recall if it specifically covers questionnaires.
upvoted 0 times
...
Margret
5 months ago
I think NIST SP 800-53A might be the right one since it focuses on assessment and evaluation, but I'm not entirely sure.
upvoted 0 times
...
Olive
5 months ago
I'm a bit confused by this question. Is it talking about the user's login time, or the time before the computer locks the screen? I'm going to have to read it over again and see if I can figure out the right answer.
upvoted 0 times
...
Hector
5 months ago
I'm a bit confused by the options here. I'll need to carefully review my notes on this topic to determine the best answer.
upvoted 0 times
...
Milly
5 months ago
I'm a bit confused by this question. I'll need to review my notes on WildFire to see if I can figure out the right answer.
upvoted 0 times
...
Marshall
5 months ago
Maintenance could be the final step, since you'd need to keep the plan updated and ready to go in case it needs to be used.
upvoted 0 times
...
Leatha
5 months ago
Okay, let me see here. The question is asking about what happens when a controller fails, and the APs become orphaned. I think the key is to understand how the mobility group handles that scenario.
upvoted 0 times
...