ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CSSLP All Questions

View all questions & answers for the CSSLP exam
Go to Exam

Exam CSSLP topic 1 question 79 discussion

Actual exam question from ISC's CSSLP
Question #: 79
Topic #: 1
[All CSSLP Questions]

Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?

  • A. Initiation
  • B. Security Certification
  • C. Continuous Monitoring
  • D. Security Accreditation
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
The various phases of NIST SP 800-37 C&A are as follows:
Phase 1: Initiation- This phase includes preparation, notification and resource identification. It performs the security plan analysis, update, and acceptance. Phase
2: Security Certification- The Security certification phase evaluates the controls and documentation. Phase 3: Security Accreditation- The security accreditation phase examines the residual risk for acceptability, and prepares the final security accreditation package. Phase 4: Continuous Monitoring-This phase monitors the configuration management and control, ongoing security control verification, and status reporting and documentation.
by 74gjd_37 at Sept. 30, 2023, 3:54 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
74gjd_37
5 months, 2 weeks ago
Selected Answer: C
C. The phase of NIST SP 800-37 C&A methodology that defines the task mentioned is Continuous Monitoring. In this phase, configuration management and control procedures are established to document proposed or actual changes to the information system on an ongoing basis through assessments, audits, and reviews. This ensures that security controls remain effective over time and any changes made do not introduce new vulnerabilities or weaken existing safeguards.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago