Exam CSSLP topic 2 question 40 discussion

Actual exam question from ISC's CSSLP

Question #: 40
Topic #: 2

You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well defined phases. In which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur?

A. Security Accreditation
B. Security Certification
C. Continuous Monitoring
D. Initiation

Show Suggested Answer

Suggested Answer: D 🗳️
The various phases of NIST SP 800-37 C&A are as follows: Phase 1: Initiation- This phase includes preparation, notification and resource identification. It performs the security plan analysis, update, and acceptance. Phase 2: Security Certification- The Security certification phase evaluates the controls and documentation. Phase 3: Security Accreditation- The security accreditation phase examines the residual risk for acceptability, and prepares the final security accreditation package. Phase 4: Continuous Monitoring-This phase monitors the configuration management and control, ongoing security control verification, and status reporting and documentation.

by 74gjd_37 at Sept. 30, 2023, 9:02 p.m.

Comments

Submit Cancel

74gjd_37

5 months, 2 weeks ago

Selected Answer: D

The answer is D. Initiation. The security categorization occurs in the initiation phase of NIST SP 800-37 C&A methodology. During this phase, an organization identifies its information system and assigns each system a security category based on the potential impact resulting from the loss of confidentiality, integrity, or availability of information processed, stored, or transmitted by that system.

upvoted 1 times

...

Exam CSSLP All Questions

View all questions & answers for the CSSLP exam

Exam CSSLP topic 2 question 40 discussion

Comments

74gjd_37

SY0-701