nerdexam
(ISC)2

CISSP-ISSEP · Question #31

Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing

The correct answer is C. Phase 4, Post Accreditation Phase. Phase 4, Post Accreditation, is correct because it is the only phase focused on maintaining a system after it has already been accredited - covering ongoing operations, configuration management, and responding to evolving threats throughout the system's life cycle. Phase 1 (Defin

Security Operations

Question

Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

Options

  • APhase 1, Definition
  • BPhase 3, Validation
  • CPhase 4, Post Accreditation Phase
  • DPhase 2, Verification

How the community answered

(39 responses)
  • A
    3% (1)
  • B
    5% (2)
  • C
    90% (35)
  • D
    3% (1)

Explanation

Phase 4, Post Accreditation, is correct because it is the only phase focused on maintaining a system after it has already been accredited - covering ongoing operations, configuration management, and responding to evolving threats throughout the system's life cycle.

Phase 1 (Definition) is wrong because it deals with establishing the scope, security requirements, and the C&A agreement before any real development or deployment begins. Phase 2 (Verification) is wrong because it focuses on confirming that security requirements are met during system development or modification. Phase 3 (Validation) is wrong because it validates that the fully integrated system complies with security policy just before the accreditation decision is made - it's a pre-accreditation checkpoint, not an ongoing process.

Memory tip: Think of the phases in order - Define it, Verify it's built right, Validate it's ready, then Post-accreditation Preserves it. The word "Post" literally means "after accreditation," which maps directly to ongoing operation and managing threats over time.

Topics

#DITSCAP#Certification and Accreditation#Continuous Monitoring#System Life Cycle

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice