During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?
A. Calculate the value of assets being accredited.
B. Create a list to include in the Security Assessment and Authorization package.
C. Identify obsolete hardware and software.
D. Define the boundaries of the information system.
Agreed D
Comprehensive Assessment
========================
A complete Security Assessment and Authorization (SA&A) effort in support of FISMA compliance includes several core deliverables, any of which can prove very challenging for a large organization:
Information System Inventory. System boundaries must be identified, and individual systems (and their owners and interfaces) must be ascertained.
https://aerstone.com/assess/fisma-compliance/
Can anyone explain how VCE got ‘A’ and why it is ‘A?’ I dont understand how value of the asset is any factor of consideration during the Assessment and Authorization process?
Answer D
A complete Security Assessment and Authorization (SA&A) effort in support of FISMA compliance includes several core deliverables, any of which can prove very challenging for a large organization:
Information System Inventory. System boundaries must be identified, and individual systems (and their owners and interfaces) must be ascertained.
https://aerstone.com/assess/fisma-compliance/