Secure Software Lifecycle Professional – CSSLP – Question137
In which of the following DIACAP phases is residual risk analyzed? A. Phase 1 B. Phase 5 C. Phase 2 D. Phase 4 E. Phase 3
Correct Answer: D
Explanation:
Explanation: The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is a process defined by the United States Department of Defense (DoD) for managing risk. The Certification Determination and Accreditation phase is the third phase in the DIACAP process. Its subordinate tasks are as follows: Analyze residual risk. Issue certification determination. Make accreditation decision. Answer: A is incorrect. Phase 1 is known as Initiate and Plan IA C&A. Answer: C is incorrect. Phase 2 is used to implement and validate assigned IA controls. Answer: E is incorrect. Phase 3 is used to make certification determination and accreditation decisions. Answer: B is incorrect. Phase 5 is known as decommission system and is used to conduct activities related to the disposition of the system data and objects.
Please disable your adblocker or whitelist this site!