Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 712-50 All Questions

View all questions & answers for the 712-50 exam
Go to Exam

Exam 712-50 topic 1 question 418 discussion

Actual exam question from ECCouncil's 712-50
Question #: 418
Topic #: 1
[All 712-50 Questions]

You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.
Which of the following is NOT documented in the SSP?

  • A. The controls in place to secure the system
  • B. Name of the connected system
  • C. The results of a third-party audits and recommendations
  • D. Type of information used in the system
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference:
https://www.govinfo.gov/content/pkg/GOVPUB-C13-63e84ab7af43b36228f10e4f0b5f8c38/pdf/GOVPUB-C13-
63e84ab7af43b36228f10e4f0b5f8c38.pdf
(65)
by arifbhatkar at July 6, 2023, 2:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
johndoe69
4 months, 1 week ago
Selected Answer: C
Reference: NIST Special Publication 800-18 Revision 1: Guide for Developing Security Plans for Federal Information Systems "The SSP should include the system name and identifier, system owner, system operational status, general description/purpose, and the system's security requirements, among other things. However, detailed results of third-party audits and specific audit recommendations are typically documented separately."
upvoted 1 times
...
skaf
1 year, 1 month ago
Selected Answer: D
Usually it's not included in this kind of document
upvoted 1 times
...
chockalingam
1 year, 2 months ago
The system security plan describes the system components that are included within the system, the environment in which the system operates, how the security requirements are implemented, and the relationships with or connections to other systems. https://csrc.nist.gov/glossary/term/information_system_security_plan#:~:text=The%20system%20security%20plan%20describes,or%20connections%20to%20other%20systems.
upvoted 1 times
...
arifbhatkar
1 year, 4 months ago
Selected Answer: B
Option B, "Name of the connected system," is NOT typically documented in the System Security Plan (SSP). The SSP focuses on providing a comprehensive overview of the security controls and measures implemented for the specific system. It includes information such as the security controls in place, the type of information used in the system, the results of third-party audits and recommendations, and other details relevant to the security of the system.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel