CAP Continuous Monitoring Strategy

Question 1

What is the primary goal of continuous monitoring in the context of the RMF?

Accepted Answer

To maintain ongoing situational awareness of the security state of information systems and detect changes that affect risk

Answer

Continuous monitoring provides real-time or near real-time visibility into the security posture of systems so that risk can be managed dynamically.

Question 2

Which NIST publication provides the primary guidance for information security continuous monitoring (ISCM)?

Accepted Answer

NIST SP 800-137

Answer

NIST SP 800-137 provides guidance for developing a continuous monitoring strategy and program for federal information systems.

Question 3

What are the six steps of the ISCM process defined in NIST SP 800-137?

Accepted Answer

Define, Establish, Implement, Analyze/Report, Respond, Review/Update

Answer

NIST SP 800-137 defines the ISCM process as: Define strategy, Establish program, Implement program, Analyze/Report findings, Respond to findings, and Review/Update the program.

Question 4

What is a Security Information and Event Management (SIEM) system's primary role in continuous monitoring?

Accepted Answer

To aggregate, correlate, and analyze security event logs from across the enterprise in near real-time

Answer

A SIEM collects logs from multiple sources, correlates events, and generates alerts to enable rapid detection of security incidents.

Question 5

What is the purpose of defining monitoring frequencies in a continuous monitoring strategy?

Accepted Answer

To establish how often each control is assessed based on its volatility, importance, and available resources

Answer

Monitoring frequencies are tailored to each control based on how often it changes, its criticality, and the resources available to monitor it.

CAP - Certified Accreditation Professional Practice Test

CAP - Certified Accreditation Professional Practice Test

CAP Continuous Monitoring Strategy