nerdexam
(ISC)2

CSSLP · Question #134

CSSLP Question #134: Real Exam Question with Answer & Explanation

The correct answer is C: Phase 3.

Secure Software Testing

Question

In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?

Options

  • A. Phase 2
  • B. Phase 4
  • C. Phase 3
  • D. Phase 1

Explanation

In the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), Security Test and Evaluation (ST&E) is conducted during Phase 3, known as the Certification phase. This phase assesses the system's security controls and validates their implementation.

Common mistakes.

  • A. Phase 2 (Definition) focuses on defining the system security requirements and architecture, not on performing the ST&E.
  • B. Phase 4 (Post Accreditation) involves continuous monitoring and managing changes after the system has received its accreditation, not the initial ST&E.
  • D. Phase 1 (Initiation) involves identifying system boundaries and initiating the C&A process, which precedes the detailed testing.

Concept tested. DITSCAP phases - Certification

Topics

#DITSCAP #Security Test and Evaluation #Certification and Accreditation #Security Assessment
