
Exam CSSLP topic 1 question 53 discussion

Actual exam question from ISC's CSSLP
Question #: 53
Topic #: 1

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

  • A. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • C. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  • D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
Suggested Answer: AC

Certification and Accreditation (C&A or CnA) is a process for implementing information security: a systematic procedure for evaluating, describing, testing, and authorizing systems before or after they go into operation. The C&A process is used extensively in the U.S. Federal Government; examples of C&A frameworks include FISMA (via the NIST SP 800-37 process), NIACAP, DIACAP, and DCID 6/3.

Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Certification is the technical evaluation: it produces evidence, not a decision.

Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls. Accreditation is therefore a management act that consumes the certification results; options B and D swap the two roles.

These definitions follow the original NIST SP 800-37. Its later revisions (the Risk Management Framework) keep the same split but use the terms "security assessment" and "authorization to operate" (ATO) in place of certification and accreditation, so expect either vocabulary on the exam and in practice.

Comments

74gjd_37
5 months, 2 weeks ago
Selected Answer: AC
A. Certification is a process that assesses the technical and non-technical security controls of an information system. It evaluates whether these controls are implemented correctly, operating as intended, and producing the desired outcomes. C. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system based on its certification status and residual risk. Accreditation confirms that the system meets security requirements, and it provides authorization to operate for a specific period, subject to ongoing periodic assessments.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other
