Which of the following life cycle modeling activities establishes service relationships and message exchange paths?
Answer(s): A
The service-oriented logical design modeling establishes service relationships and message exchange paths. It also addresses service visibility and crafts service logical compositions.
You have a storage media with some data and you make efforts to remove this data. After performing this, you analyze that the data remains present on the media. Which of the following refers to the above mentioned condition?
Answer(s): D
Data remanence refers to the data that remains even after the efforts have been made for removing or erasing the data. This event occurs because of data being left intact by an insignificant file deletion operation, by storage media reformatting, or through physical properties of the storage medium. Data remanence can make unintentional disclosure of sensitive information possible. So, it is required that the storage media is released into an uncontrolled environment. Answers C and B are incorrect. These are the made-up disasters. Answer A is incorrect. Object reuse refers to reassigning some other object of a storage media that has one or more objects.
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.
Answer(s): A,C
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.
Answer(s): A,B,C
The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. The Phase 1 starts with the input of the mission need. This phase comprises three process activities: Document mission need Registration Negotiation Answer D is incorrect. Initial Certification Analysis is a Phase 2 activity.
Which of the following NIST Special Publication documents provides a guideline on network security testing?
NIST SP 800-42 provides a guideline on network security testing. Answers E, D, B, F, and C are incorrect. NIST has developed a suite of documents for conducting Certification & Accreditation (C&A). These documents are as follows: NIST Special Publication 800-37: This document is a guide for the security certification and accreditation of Federal Information Systems. NIST Special Publication 800-53: This document provides a guideline for security controls for Federal Information Systems. NIST Special Publication 800-53A. This document consists of techniques and procedures for verifying the effectiveness of security controls in Federal Information System. NIST Special Publication 800-59: This document is a guideline for identifying an information system as a National Security System. NIST Special Publication 800-60: This document is a guide for mapping types of information and information systems to security objectives and risk levels.
Share your comments for ISC2 CSSLP exam with other users:
easy questions
could you please upload ad0-127 dumps
good content
understanding about joins
please upload oracle cloud infrastructure 2023 foundations associate exam braindumps. thank you.
questions made studying easy and enjoyable, passed on the first try!
has anyone recently attended safe 6.0 exam? did you see any questions from here?
question 13 should be dhcp option 43, right?
the buy 1 get 1 is a great deal. so far i have only gone over exam. it looks promissing. i report back once i write my exam.
is this dump good
good ................
passed
yes going good
good questions for practice
need dump and sap notes for c_s4cpr_2308 - sap certified application associate - sap s/4hana cloud, public edition - sourcing and procurement
question 11: d i personally feel some answers are wrong.
nice questions
looking for c1000-158: ibm cloud technical advocate v4 questions
can you share the pdf
admin ii is real technical stuff
could you post the link
hello send me dumps
it is very nice
i gave the amazon dva-c02 tests today and passed. very helpful.
there is an incorrect word in the problem statement. for example, in question 1, there is the word "speci c". this is "specific. in the other question, there is the word "noti cation". this is "notification. these mistakes make this site difficult for me to use.
passed my az-120 certification exam today with 90% marks. studied using the dumps highly recommended to all.
i need it, plz make it available
q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.
this is simple but tiugh as well
questão 4, segundo meu compilador local e o site https://www.jdoodle.com/online-java-compiler/, a resposta correta é "c" !
its very useful
i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.
real questions
very helpful assessments