PrepAway - Latest Free Exam Questions & Answers

Which of the following activities can be involved in the Continuous Monitoring process?

Continuous Monitoring is the fourth phase of the Security Certification and Accreditation process. Which of the following activities can be involved in the Continuous Monitoring process?

Each correct answer represents a complete solution. Choose three.

A.
Security control monitoring

B.
Status reporting and documentation

C.
Configuration Management and Control

D.
Network impact analysis

Explanation:
Continuous monitoring in any system takes place after initial system security accreditation. It involves tracking changes to the information system that occur during its lifetime and then determining the impact of those changes on the system security. Because hardware, software, and firmware necessarily change during the lifetime of an information system, the results of these modifications have to be evaluated to determine whether corresponding changes have to be made to security controls to bring the system to the desired security state.

Continuous Monitoring is the fourth phase of the Security Certification and Accreditation process.

The Continuous Monitoring process involves the following three activities:

1. Configuration Management and Control
2. Security control monitoring and impact analysis of changes to the information system
3. Status reporting and documentation

1. Configuration management and control: This activity involves the following functions:
o Documentation of information system changes
o Security impact analysis

2. Security control monitoring: This activity involves the following functions:
o Security control selection
o Selected security control assessment

3. Status reporting and documentation: This activity involves the following functions:
o System security plan update
o Plan of action and milestones update
o Status reporting

The objective of these tasks is to observe and evaluate the information system security controls during the system life cycle. These tasks determine whether the changes that have occurred will negatively impact the system security.

Answer option D is incorrect. It is not a valid activity.

