ISC2 ISSAP Exam - Topic 5 Question 5 Discussion

Actual exam question for ISC2's ISSAP exam
Question #: 5
Topic #: 5

Which of the following are the phases of the Certification and Accreditation (C&A) process?

Each correct answer represents a complete solution. Choose two.

Suggested Answer: B, C

1. Initiation
2. Security Certification
3. Security Accreditation
4. Continuous Monitoring

The C&A activities can be applied to an information system at appropriate phases in the system development life cycle by selectively tailoring the various tasks and subtasks.

Answer options D and A are incorrect. Auditing and detection are not phases of the Certification and Accreditation process.


Contribute your Thoughts:

Ellsworth
4 months ago
Yeah, I agree with Initiation and Continuous Monitoring!
upvoted 0 times
...
Rory
4 months ago
Wait, are you guys sure about Continuous Monitoring?
upvoted 0 times
...
Bette
4 months ago
Initiation is a phase, for sure!
upvoted 0 times
...
Gerald
4 months ago
I thought Auditing was part of it too?
upvoted 0 times
...
Gilma
5 months ago
Continuous Monitoring is definitely one of them.
upvoted 0 times
...
Julene
5 months ago
I’m leaning towards Continuous Monitoring and Initiation, but I have a nagging feeling about Auditing being important too.
upvoted 0 times
...
Arletta
5 months ago
I practiced a similar question, and I think Detection was mentioned there, but it feels like it could be a trick option.
upvoted 0 times
...
Beatriz
5 months ago
I remember studying the C&A process, and I feel like Auditing might be related, but I can't recall if it's an actual phase.
upvoted 0 times
...
Karol
5 months ago
I think Continuous Monitoring is definitely one of the phases, but I'm not sure about the second one. Maybe Initiation?
upvoted 0 times
...
Merlyn
5 months ago
Okay, I think I've got this. Implementing ARP ACLs and enabling ARP inspection on the end-user VLAN should be the minimum steps to mitigate the invalid MAC address issue.
upvoted 0 times
...
Carman
5 months ago
This looks straightforward to me. I'm pretty confident I can identify the product and project risks based on the descriptions provided.
upvoted 0 times
...
Sherell
5 months ago
If I recall correctly, Citrix Virtual Apps and Desktops could be tied into ADM implementation, but I really can't remember the details.
upvoted 0 times
...
Jamie
5 months ago
There was a practice question similar to this, and I think the bank needs to have a comprehensive risk assessment for all transactions, not just new ones.
upvoted 0 times
...
