Exam CSSLP topic 2 question 34 discussion

Actual exam question from ISC's CSSLP
Question #: 34
Topic #: 2

In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?

  • A. Phase 2
  • B. Phase 4
  • C. Phase 3
  • D. Phase 1
Suggested Answer: Explanation: Security Test and Evaluation (ST&E) occurs in Phase 3 of the DITSCAP C&A process. Answer: D is incorrect. Phase 1 of DITSCAP C&A is known as the Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. Phase 1 starts with the input of the mission need. This phase comprises three process activities: obtain a fully integrated system for certification testing and accreditation. This phase takes place between the signing of the initial version of the SSAA and the formal accreditation of the system. This phase verifies security requirements during system development. The process activities of this phase are as follows:
DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. The goal of this phase is to continue to operate and manage the system and to ensure that it will maintain an acceptable level of residual risk. The process activities of this phase are as follows: system operations, security operations, maintenance of the SSAA, change management, and compliance validation.

Comments

DiPalma184
2 months, 3 weeks ago
Selected Answer: C
In the DITSCAP (DoD Information Technology Security Certification and Accreditation Process), Phase 3 is known as the Validation Phase, where Security Test and Evaluation (ST&E) occurs. This phase involves verifying that the security controls are implemented correctly and operate as intended, and that they meet the security requirements. ST&E is a crucial activity to assess the effectiveness of the security controls in protecting the information system.
upvoted 1 times
...
74gjd_37
1 year, 1 month ago
Selected Answer: B
Security Test and Evaluation (ST&E) occurs in Phase 4 of the DITSCAP process. So, the answer is B. DITSCAP stands for "DoD Information Technology Security Certification and Accreditation Process". It is a formal process used by the United States Department of Defense (DoD) to certify and accredit information systems before they are put into operation. The DITSCAP process provides a standard methodology for evaluating the security posture of DoD information systems, ensuring that appropriate security controls are implemented, tested, and validated before an authorization to operate (ATO) is granted.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted