Scenario: A system receives protection from controls developed by entities outside the system. This is an example of which concept?

Multiple Choice

Scenario: A system receives protection from controls developed by entities outside the system. This is an example of which concept?

Explanation:
Security control inheritance occurs when protection measures for a system come from outside the system itself. Instead of implementing all controls internally, the system relies on controls provided by another organization—such as a cloud service provider, an outsourcing partner, or a third‑party service. This means the system effectively inherits those external controls as part of its security posture. For example, a system hosted in a managed environment may depend on the vendor’s controls for physical security, network protection, vulnerability management, and incident response. The described scenario matches this idea: protection is provided by controls developed by entities outside the system.

The other terms describe different concepts. An access control list governs who can access specific resources, not where protection comes from. Availability and integrity are objectives—ensuring the system is usable when needed and that data remains accurate and trustworthy—rather than the mechanism by which protection is supplied.
