HCISPP · Question #33
Which of the following BEST describes the purpose of performing security certification?
The correct answer is B. To formalize the confirmation of compliance to security policies and standards. Security certification is the formal process of confirming that a system meets defined security policies, standards, and requirements - making B the correct answer. It's about documented, official compliance confirmation, not about discovering new risks or threats. Why the distra
Question
Which of the following BEST describes the purpose of performing security certification?
Options
- ATo identify system threats, vulnerabilities, and acceptable level of risk
- BTo formalize the confirmation of compliance to security policies and standards
- CTo formalize the confirmation of completed risk mitigation and risk analysis
- DTo verify that system architecture and interconnections with other systems are effectively
How the community answered
(45 responses)- A7% (3)
- B73% (33)
- C4% (2)
- D16% (7)
Explanation
Security certification is the formal process of confirming that a system meets defined security policies, standards, and requirements - making B the correct answer. It's about documented, official compliance confirmation, not about discovering new risks or threats.
Why the distractors are wrong:
- A describes risk assessment (threat modeling and vulnerability analysis), which is a precursor to certification, not certification itself.
- C describes accreditation more closely - the sign-off after risk mitigation is complete; certification validates compliance, not that risk has been fully mitigated.
- D is incomplete and describes architecture review or system integration testing, which is a technical verification activity, not a formal compliance confirmation.
Memory tip: Think of certification like a diploma - it formally certifies you met the curriculum (policies/standards). You don't get a diploma by finding threats (A), finishing remediation (C), or drawing a network diagram (D).
Topics
Community Discussion
No community discussion yet for this question.