Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

• A.Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
• B.Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
• C.Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
• D.Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Comment: *

Name: *

Email: *

Verification: *

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

• A.Phase 2
• B.Phase 4
• C.Phase 1
• D.Phase 3

Comment: *

Name: *

Email: *

Verification: *

Which of the following classification levels defines the information that, if disclosed to the unauthorized parties, could be reasonably expected to cause exceptionally grave damage to the national security?

• A.Secret information
• B.Unclassified information
• C.Confidential information
• D.Top Secret information

Comment: *

Name: *

Email: *

Verification: *

Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?

• A.Senior Management
• B.Business Unit Manager
• C.Information Security Steering Committee
• D.Chief Information Security Officer

Correct Answer: A

Senior management provides management, operational and technical controls to satisfy security requirements. The governance roles and responsibilities are mentioned below in the table:

Comment: *

Name: *

Email: *

Verification: *

Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

• A.Single Loss Expectancy (SLE)
• B.Annualized Rate of Occurrence (ARO)
• C.Safeguard
• D.Exposure Factor (EF)

Comment: *

Name: *

Email: *

Verification: *