CISSP-ISSEP · Question #32
Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected
The correct answer is A. Security Control Assessment Task 3. Security Control Assessment Task 3 is the execution phase where the assessor actually performs the evaluation - testing operational (people/procedures), technical (hardware/software), and management (policy/planning) controls using the techniques and measures (interviews, examina
Question
Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed?
Options
- ASecurity Control Assessment Task 3
- BSecurity Control Assessment Task 1
- CSecurity Control Assessment Task 4
- DSecurity Control Assessment Task 2
How the community answered
(21 responses)- A95% (20)
- D5% (1)
Explanation
Security Control Assessment Task 3 is the execution phase where the assessor actually performs the evaluation - testing operational (people/procedures), technical (hardware/software), and management (policy/planning) controls using the techniques and measures (interviews, examinations, tests) identified in the assessment plan. Tasks 1 and 2 are preparatory: Task 1 covers getting ready for the assessment (reviewing documentation, understanding the system), while Task 2 involves developing the Security Assessment Plan - selecting which techniques to use, but not yet applying them. Task 4 comes after the evaluation, focused on documenting findings and producing the assessment report.
Memory tip: Think of the tasks in sequence - Plan, Plan more, Execute, Document (1=Prep, 2=Plan, 3=Execute, 4=Report). Task 3 is the "doing" step, making it the only one where controls are actively evaluated.
Topics
Community Discussion
No community discussion yet for this question.