nerdexam
(ISC)2

CISSP-ISSEP · Question #32

Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected

The correct answer is A. Security Control Assessment Task 3. Security Control Assessment Task 3 is the execution phase where the assessor actually performs the evaluation - testing operational (people/procedures), technical (hardware/software), and management (policy/planning) controls using the techniques and measures (interviews, examina

Risk Management

Question

Which of the following Security Control Assessment Tasks evaluates the operational, technical, and the management security controls of the information system using the techniques and measures selected or developed?

Options

  • ASecurity Control Assessment Task 3
  • BSecurity Control Assessment Task 1
  • CSecurity Control Assessment Task 4
  • DSecurity Control Assessment Task 2

How the community answered

(21 responses)
  • A
    95% (20)
  • D
    5% (1)

Explanation

Security Control Assessment Task 3 is the execution phase where the assessor actually performs the evaluation - testing operational (people/procedures), technical (hardware/software), and management (policy/planning) controls using the techniques and measures (interviews, examinations, tests) identified in the assessment plan. Tasks 1 and 2 are preparatory: Task 1 covers getting ready for the assessment (reviewing documentation, understanding the system), while Task 2 involves developing the Security Assessment Plan - selecting which techniques to use, but not yet applying them. Task 4 comes after the evaluation, focused on documenting findings and producing the assessment report.

Memory tip: Think of the tasks in sequence - Plan, Plan more, Execute, Document (1=Prep, 2=Plan, 3=Execute, 4=Report). Task 3 is the "doing" step, making it the only one where controls are actively evaluated.

Topics

#Security Control Assessment#NIST RMF#Control Evaluation#Assessment Tasks

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice