Continuous assessment is a process that monitors the initial security accreditation of an information system for tracking changes. What is this best described as?

Prepare for the TESDA Computer System Servicing Test. Study with comprehensive materials, practice questions, and detailed explanations. Master the knowledge needed to excel at the exam!

Multiple Choice

Explanation:
The idea being tested is ongoing oversight of security controls to keep a system authorized as it changes. This describes continuous assessment because it focuses on continuously monitoring the information system and its security posture to ensure it remains within the approved authorization, even as hardware, software, configurations, or operators change. It isn’t just a one-time check; it tracks changes over time to maintain authorization.

The other activities are more specific tasks. Security auditing is usually a formal, periodic review of controls and records. Vulnerability scanning automatically looks for known weaknesses but doesn’t by itself maintain authorization status. Penetration testing simulates attacks to test defenses but is a targeted test, not the ongoing process of monitoring and maintaining accreditation.
