Exam CISSP topic 1 question 339 discussion

Agree with D.

Vote for D

The report which contains the results of performing a risk assessment or the formal output from the process of assessing risk." https://csrc.nist.gov/glossary/term/risk_assessment_repor

D. Information Security Continuous Monitoring (ISCM) Information Security Continuous Monitoring (ISCM) is a comprehensive process that involves the collection of security-related data and information to assess, analyze, and continuously monitor an organization's security posture. It uses pre-established metrics and leverages information available through implemented security controls to provide ongoing visibility into the effectiveness of an organization's security measures.

D. Information Security Continuous Monitoring (ISCM).

information security continuous monitoring (ISCM): "A program established to collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls." https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring_program

It says it word for word on nist's official site. https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring_program

Answer is C "The report which contains the results of performing a risk assessment or the formal output from the process of assessing risk." https://csrc.nist.gov/glossary/term/risk_assessment_report

Agree with D

C is correct, according to "available in part through implemented security controls"

D is the correct answer accorhttps://csrc.nist.gov/glossary/term/information_security_continuous_monitoring_program#:~:text=Definition(s)%3A,part%20through%20implemented%20security%20controls.ding to nist