The authorization decision is the explicit responsibility of which organizational Official? Response:

• A.The Accreditation Official (AO)
• B.The Information System Owner (ISO)
• C.The Chief Information Officer (CIO)
• D.The Common Control Provider (CCP)

Comment: *

Name: *

Email: *

Verification: *

The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution.
Choose all that apply.
Response:

• A.Certification analysis
• B.Assessment of the Analysis Results
• C.Configuring refinement of the SSAA
• D.System development
• E.Registration

Comment: *

Name: *

Email: *

Verification: *

Who is primarily responsible for the withdrawal and decommissioning of and information system?
Response:

• A.Senior Information System Security Officer
• B.Information System Owner
• C.Security Architect
• D.Information System Security Engineer

Comment: *

Name: *

Email: *

Verification: *

Normally the requirements documented in the __________ ________ document will formulate the scope of SCA testing.
Response:

• A.Remediation plan
• B.Contingency Plan
• C.Security Plan
• D.Assessment Plan

Comment: *

Name: *

Email: *

Verification: *

The RMF Step and task where a Continuous Monitoring strategy that monitors the effectiveness of the selected security controls is created.
Response:

• A.RMF Step 2, Task 2
• B.RMF Step 2, Task 3
• C.RMF Step 2, Task 1
• D.RMF Step 1, Task 3

Comment: *

Name: *

Email: *

Verification: *