ISC2 Exam ISSEP Topic 3 Question 26 Discussion

Actual exam question for ISC2's Information Systems Security Engineering Professional exam

Question #: 26
Topic #: 3

The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning.

Which of the following processes take place in phase 3? Each correct answer represents a complete

solution. Choose all that apply.

AAgree on a strategy to mitigate risks.

BEvaluate mitigation progress and plan next assessment.

CIdentify threats, vulnerabilities, and controls that will be evaluated.

DDocument and implement a mitigation plan.

Show Suggested Answer

Suggested Answer: A, B, D

The phase 3 of Risk Management Framework (RMF) process is known as mitigation planning. The

goal of this phase is to determine which risks will be addressed in the final mitigation strategy by

using the risk statements created in phase 2. The following processes take place in this

phase:

Process 1: Agree on a strategy to mitigate risks.

Process 2: Document and implement mitigation plan.

Process 3: Evaluate mitigation progress and plan next assessment.

Answer option C is incorrect. This process takes place in phase 0.

by Gearldine at May 06, 2022, 12:14 PM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!