New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 ISSMP Exam - Topic 3 Question 69 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 69
Topic #: 3
[All ISSMP Questions]

Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

Show Suggested Answer Hide Answer
Suggested Answer: B

Physical Configuration Audit (PCA) is one of the practices used in Software Configuration Management for Software Configuration Auditing. The purpose of the software PCA is to ensure that the design and reference documentation is consistent with the as-built software product. PCA checks and matches the really implemented layout with the documented layout.

Answer option D is incorrect. Functional Configuration Audit or FCA is one of the practices used in Software Configuration Management for Software Configuration Auditing. FCA occurs either at delivery or at the moment of effecting the change. A Functional Configuration Audit ensures that functional and performance attributes of a configuration item are achieved.

Answer option C is incorrect. Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes.

Answer option A is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.


by Jennifer at Jul 03, 2023, 10:52 PM

Limited Time Offer

25%

Off

Get Premium ISSMP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Gladys
3 months ago
Wait, it does all that? I had no idea!
upvoted 0 times
...
Francis
3 months ago
Not sure about D, seems a bit off to me.
upvoted 0 times
...
Altha
4 months ago
C is spot on, it’s all about assessing readiness.
upvoted 0 times
...
Lorrie
4 months ago
I think it also identifies IA requirements.
upvoted 0 times
...
Rupert
4 months ago
Definitely does vulnerability/threat analysis!
upvoted 0 times
...
Dominque
4 months ago
Option D seems off to me; I don't recall DIAP focusing on data storage for individual systems. It feels more about assessment than data management.
upvoted 0 times
...
Viva
4 months ago
I remember practicing a question similar to this, and I think option B is definitely related to generating IA requirements.
upvoted 0 times
...
Georgeanna
5 months ago
I'm not entirely sure about option A; I feel like vulnerability assessments are part of a broader security framework, but I can't recall if DIAP specifically does that.
upvoted 0 times
...
Elenora
5 months ago
I think option C sounds right because it mentions assessing IA readiness, which is a key part of the DIAP function.
upvoted 0 times
...
Karon
5 months ago
I think Jody's got the right idea. The trusted third party is the identity provider, and the member organizations are the relying parties that depend on that provider for authentication and authorization.
upvoted 0 times
...
Daniel
5 months ago
Okay, let's see. The CIO/CISO would likely want a high-level, comprehensive view of the organization's health, so I'm leaning towards option C - single, clear indicators of organizational health.
upvoted 0 times
...
Renea
5 months ago
Hmm, option D says 'all of the above'. That usually means the other three options are probably all correct. I'm leaning towards D.
upvoted 0 times
...
Mirta
10 months ago
I'm not sure about D, but I think A, B, and C are definitely part of the DIAP Information Readiness Assessment function.
upvoted 0 times
...
Julio
10 months ago
This is a tricky one, but I'm going to go with B, C, and D. Can't go wrong with requirements, readiness, and system data!
upvoted 0 times
Deeanna
8 months ago
User4: Yeah, A might not be necessary for the Information Readiness Assessment function.
upvoted 0 times
...
Jordan
8 months ago
User3: I'm not sure about A, but B, C, and D sound right to me.
upvoted 0 times
...
Essie
8 months ago
User2: I agree, those options cover requirements, readiness, and system data.
upvoted 0 times
...
Herman
8 months ago
User1: I think B, C, and D are the correct characteristics.
upvoted 0 times
...
Julieta
8 months ago
User 4: Yeah, A might not be necessary for the Information Readiness Assessment function.
upvoted 0 times
...
Val
8 months ago
User 3: I'm not sure about A, but B, C, and D seem right to me.
upvoted 0 times
...
Claribel
8 months ago
User 2: I agree, those options cover requirements, readiness, and system data.
upvoted 0 times
...
Sylvie
9 months ago
User 1: I think B, C, and D are correct.
upvoted 0 times
...
...
Lorriane
10 months ago
I agree with Yvonne. A, B, and C make sense because they are all related to assessing IA readiness.
upvoted 0 times
...
Yvonne
10 months ago
I think A, B, and C are described by the DIAP Information Readiness Assessment function.
upvoted 0 times
...
Erasmo
10 months ago
I'm not sure about D, but I think A, B, and C are definitely part of the characteristics described by the DIAP Information Readiness Assessment function.
upvoted 0 times
...
Yan
10 months ago
I agree with In. A, B, and C make sense because they all relate to assessing IA readiness.
upvoted 0 times
...
In
10 months ago
I think A, B, and C are described by the DIAP Information Readiness Assessment function.
upvoted 0 times
...
Lashaunda
11 months ago
Hmm, I'm leaning towards B, C, and D. Identifying IA requirements and providing data for accurate readiness assessment sounds like the key features here.
upvoted 0 times
Carrol
9 months ago
I think we can all agree that all options are important for a comprehensive Information Readiness Assessment function.
upvoted 0 times
...
Jenifer
9 months ago
I see your point, but I still believe B, C, and D are the main characteristics described by the function.
upvoted 0 times
...
Penney
10 months ago
I think A is also crucial because vulnerability/threat analysis is essential for readiness assessment.
upvoted 0 times
...
Ora
10 months ago
I agree, B, C, and D are important for the DIAP Information Readiness Assessment function.
upvoted 0 times
...
...
Walker
11 months ago
Aha! I think A and C are the way to go. Vulnerability/threat analysis and assessing IA readiness - that's the core of this function.
upvoted 0 times
...
Rochell
11 months ago
The DIAP Information Readiness Assessment function seems to cover a lot of ground. I'm pretty sure C and D are correct, but I'm not sure about A and B.
upvoted 0 times
...

Save Cancel