
ISC2 ISSEP Exam - Topic 4 Question 57 Discussion

Actual exam question for ISC2's ISSEP exam
Question #: 57
Topic #: 4

Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?

Suggested Answer: D

The various phases of NIST SP 800-37 C&A are as follows:

Phase 1: Initiation - This phase includes preparation, notification and resource identification. It performs the security plan analysis, update, and acceptance.

Phase 2: Security Certification - The security certification phase evaluates the controls and documentation.

Phase 3: Security Accreditation - The security accreditation phase examines the residual risk for acceptability, and prepares the final security accreditation package.

Phase 4: Continuous Monitoring - This phase monitors the configuration management and control, ongoing security control verification, and status reporting and documentation.


Contribute your Thoughts:

Elliot
4 months ago
Residual risk is key in Security Accreditation, no doubt!
upvoted 0 times

Sophia
4 months ago
Wait, are we sure about that? Seems a bit off.
upvoted 0 times

Fallon
4 months ago
Totally agree, it's all about that final package.
upvoted 0 times

Edelmira
4 months ago
I thought it was Security Certification!
upvoted 0 times

Lawanda
4 months ago
It's definitely the Security Accreditation phase.
upvoted 0 times

Vashti
5 months ago
I'm leaning towards Security Accreditation too, but I could see how someone might confuse it with the Security Certification phase.
upvoted 0 times

Stevie
5 months ago
Continuous Monitoring seems like it would be involved, but I don't recall it being the one that prepares the final accreditation package.
upvoted 0 times

Asuncion
5 months ago
I remember practicing a question similar to this, and I think Security Certification is more about the actual testing, not the final package.
upvoted 0 times

Wayne
5 months ago
I think the phase that deals with residual risk is Security Accreditation, but I'm not entirely sure.
upvoted 0 times

Rutha
5 months ago
Okay, I know the chmod command is used to change file permissions, and the numbers represent the permissions. I think I can figure this out.
upvoted 0 times

Laurel
5 months ago
This one seems pretty straightforward. I'm pretty confident the answer is C - Java bytecode can run on any platform that has the Java Runtime Environment.
upvoted 0 times
