CompTIA

CAS-003 Question #71: Real Exam Question with Answer & Explanation

The correct answer is D: Ongoing authorization.

Question

An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

Options

  • A. Independent verification and validation
  • B. Security test and evaluation
  • C. Risk assessment
  • D. Ongoing authorization

Explanation

Ongoing assessment and authorization is often referred to as continuous monitoring. It is a process that determines whether the set of deployed security controls in an information system continues to be effective with regard to planned and unplanned changes that occur in the system and its environment over time. Continuous monitoring allows organizations to evaluate the operating effectiveness of controls on or near a real-time basis. Continuous monitoring enables the enterprise to detect control failures quickly because it transpires immediately or closely after events in which the key controls are
