Suggested Answer:The Answer: "acceptance phase". Note the question asks about an "evaluation report" - which details how the system evaluated, and an "accreditation statement"🗳️
which describes the level the system is allowed to operate at. Because those two activities are a part of testing and testing is a part of the acceptance phase, the only answer above that can be correct is "acceptance phase". The other answers are not correct because: The "project initiation and planning phase" is just the idea phase. Nothing has been developed yet to be evaluated, tested, accredited, etc. The "system design specification phase" is essentially where the initiation and planning phase is fleshed out. For example, in the initiation and planning phase, we might decide we want the system to have authentication. In the design specification phase, we decide that that authentication will be accomplished via username/ password. But there is still nothing actually developed at this point to evaluate or accredit. The "development & documentation phase" is where the system is created and documented. Part of the documentation includes specific evaluation and accreditation criteria. That is the criteria that will be used to evaluate and accredit the system during the "acceptance phase". In other words - you cannot evaluate or accredit a system that has not been created yet. Of the four answers listed, only the acceptance phase is dealing with an existing system. The others deal with planning and creating the system, but the actual system isn't there yet. Reference: Official ISC2 Guide Page: 558 - 559 All in One Third Edition page: 832 - 833 (recommended reading)
Once your solution has been reviewed by stakeholders and peers, all engineering docs have been verified and tested good to go, it will move to the accreditation phase. Once you pass this phase, your solution will be granted Accreditation and from there, your solution is stamped with an acceptance by all stakeholders.
The security evaluation report and accreditation statement are typically produced in the:
D. Acceptance phase.
During the acceptance phase of the system development life cycle (SDLC), the system is evaluated thoroughly to ensure that it meets all the specified requirements, including security standards and protocols. This phase involves testing, validation, and verification of the system's functionality, performance, and security. The security evaluation report and accreditation statement are crucial documents generated during this phase to confirm that the system has met the required security standards and is ready for deployment or implementation.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
o0cscore0o
8 months, 1 week agonanson
1 year ago