Which artifact is commonly included as evidence to support control testing in the SAR?

Study for the RMF Steps, Tasks, and Outcomes Test. Get ready for your exam with flashcards, multiple choice questions, and in-depth explanations. Master each step and outcome with ease!

Multiple Choice

Which artifact is commonly included as evidence to support control testing in the SAR?

Explanation:
In RMF, evidence for control testing in the System Assessment Report comes from a well-rounded set of artifacts that document both how the control was tested and what was found. A complete evidence package typically includes actual test results showing that the control works as intended, configuration snapshots that capture the system’s state at testing time, vulnerability scan outputs that identify and validate findings, interviews that corroborate procedures and daily practices, and other artifacts such as logs or remediation records. Together, these items provide objective verification and traceability of the control’s implementation and effectiveness. Relying only on interviews misses objective test outcomes; using only configuration baselines shows a snapshot without testing results; policy documents describe intended controls but not testing results.

