
CGRC Question #499: Real Exam Question with Answer & Explanation

The correct answer is A: Enable authorizing official to have ready access to the current security state of the system and

Assessment/Audit of Security and Privacy Controls

Question

The use of automation to conduct security control assessments should be maximized to do the following except one. Response:

Options

  • A. Enable authorizing official to have ready access to the current security state of the system and
  • B. Increase the speed and overall effectiveness and efficiencies of assessments.
  • C. Support ongoing monitoring of system security posture.
  • D. Permit increased frequency and volume of assessments consistent with the organization's

Explanation

Automation in security control assessments primarily increases the speed, efficiency, and frequency of assessments for continuous monitoring, but it does not directly enable the authorizing official to have ready access to the system's current security state. While automation aids in providing data, the AO's access is facilitated through reporting and dashboarding tools, not the automation process itself.

Common mistakes.

  • B. Automation significantly increases the speed, effectiveness, and efficiency of security control assessments by automating repetitive tasks and analysis.
  • C. Automated tools are crucial for supporting continuous or ongoing monitoring of a system's security posture by regularly checking controls.
  • D. Automation allows organizations to perform security assessments with greater frequency and across a larger volume of systems, aligning with continuous monitoring strategies.

Concept tested. Benefits of Security Automation, Authorizing Official role

Reference. https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final

Topics

#Security Automation #Control Assessments #Continuous Monitoring #Assessment Efficiency
