ISC2 Exam ISSEP Topic 4 Question 4 Discussion

Actual exam question for ISC2's ISSEP exam
Question #: 4
Topic #: 4

Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

Suggested Answer: A

Certification and accreditation (C&A) is a set of processes that culminate in an agreement between key players that a system in its current configuration and operation provides adequate protection controls.

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3.

Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.

Answer option B is incorrect. Risk management is a set of processes that ensures a risk-based approach is used to determine adequate, cost-effective security for a system.

Answer option D is incorrect. Information assurance (IA) is the process of organizing and monitoring information-related risks. It ensures that only the approved users have access to the approved information at the approved time. IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation. These objectives are applicable whether the information is in storage, processing, or transit, and whether threatened by an attack.

Answer option C is incorrect. ISSE is a set of processes and solutions used during all phases of a system's life cycle to meet the system's information protection needs.

