nerdexam
(ISC)2

CSSLP · Question #273

CSSLP Question #273: Real Exam Question with Answer & Explanation

The correct answer is A: Assessment, monitoring, and assurance. In the LeGrand Vulnerability-Oriented Risk Management method, the 'Assessment, monitoring, and assurance' step is responsible for evaluating the compliance of risk management practices and continuously assessing current risk levels to ensure ongoing security.

Secure Software Concepts

Question

Which of the following steps of the LeGrand Vulnerability-Oriented Risk Management method determines the necessary compliance offered by risk management practices and assessment of risk levels?

Options

  • A. Assessment, monitoring, and assurance
  • B. Vulnerability management
  • C. Risk assessment
  • D. Adherence to security standards and policies for development and deployment

Explanation

In the LeGrand Vulnerability-Oriented Risk Management method, the 'Assessment, monitoring, and assurance' step is responsible for evaluating the compliance of risk management practices and continuously assessing current risk levels to ensure ongoing security.

Common mistakes.

  • B. Vulnerability management focuses specifically on identifying, prioritizing, and remediating vulnerabilities, which is a sub-component of risk management, but not the overall determination of compliance and assurance.
  • C. Risk assessment is the process of identifying and analyzing risks, which is part of determining risk levels, but does not encompass the broader compliance and ongoing assurance aspects mentioned in the question.
  • D. Adherence to security standards and policies is an objective or a desired state to be achieved, rather than a step that performs the actual determination of compliance and assessment of risk levels itself.

Concept tested. LeGrand Vulnerability-Oriented Risk Management steps

Topics

#Risk Management Methodologies #LeGrand Method #Compliance Assurance #Vulnerability Management
