nerdexam
(ISC)2

CISSP-ISSEP · Question #1

Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?

The correct answer is C. Security Control Assessment Task 1. Security Control Assessment Task 1 is the preparation phase, where assessors gather all documentation and supporting materials - such as system security plans, previous assessment results, authorization packages, and other artifacts - needed before the actual assessment begins. T

Risk Management

Question

Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?

Options

  • ASecurity Control Assessment Task 4
  • BSecurity Control Assessment Task 3
  • CSecurity Control Assessment Task 1
  • DSecurity Control Assessment Task 2

How the community answered

(50 responses)
  • A
    6% (3)
  • B
    2% (1)
  • C
    90% (45)
  • D
    2% (1)

Explanation

Security Control Assessment Task 1 is the preparation phase, where assessors gather all documentation and supporting materials - such as system security plans, previous assessment results, authorization packages, and other artifacts - needed before the actual assessment begins. This foundational step ensures assessors have the information required to understand the system and plan their work.

Why the distractors are wrong:

  • Task 2 (D) focuses on developing the security assessment plan itself - defining scope, methods, and procedures - not gathering initial documentation.
  • Task 3 (B) is where the actual assessment of security controls takes place, using the plan and materials already collected.
  • Task 4 (A) involves documenting and reporting the assessment findings and results.

Memory tip: Think of the tasks in logical order - "Gather, Plan, Assess, Report" (Tasks 1→2→3→4). Task 1 always comes first because you can't plan or assess anything without first gathering what you need to know about the system.

Topics

#Security control assessment#Assessment planning#Documentation#NIST frameworks

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice