CSSLP Question #26: Real Exam Question with Answer & Explanation
The correct answer is C: Certification and accreditation (C&A). Certification and Accreditation (C&A) is the process that culminates in an agreement between key players that a system provides adequate protection controls in its current configuration and operation.
Question
Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?
Options
- A. Information Assurance (IA)
- B. Information systems security engineering (ISSE)
- C. Certification and accreditation (C&A)
- D. Risk Management
Explanation
Certification and Accreditation (C&A) is the process that culminates in an agreement between key players that a system provides adequate protection controls in its current configuration and operation.
Common mistakes.
- A. Information Assurance (IA) is a broader concept encompassing the measures taken to protect and defend information and information systems, rather than a specific process culminating in system approval.
- B. Information systems security engineering (ISSE) is the process of integrating security into the system development lifecycle, focusing on design and implementation throughout the engineering phases.
- D. Risk Management is the overall process of identifying, assessing, and mitigating risks to an organization's assets, which is a continuous activity and a fundamental component of C&A, but not the final agreement itself.
Concept tested. System security Certification and Accreditation (C&A)
Reference. https://csrc.nist.gov/glossary/term/certification_and_accreditation