What are the 3 forms of examination?

Prepare for the FISMA Interview Test. Get familiar with key topics and enhance your knowledge with flashcards and multiple-choice questions. Study effectively and be ready for your exam!

Multiple Choice

Explanation:
When examining controls in a FISMA-related assessment, you want evidence from different angles: what the organization documents, how the process is actually carried out, and how people perform it in reality. The three forms that cover these angles are review, walk-through, and observation.

Review means looking at policies, procedures, security plans, and other records to confirm that controls exist and are properly described. Walk-through takes a single process or transaction and traces it step by step from start to finish to verify that each control is in place and operates as designed. Observation is watching the actual execution of the process to see that procedures are followed and controls function during real operations. Together, these three approaches provide a comprehensive view of both the documented design and the lived reality of the controls.

The other options mix in elements that aren’t part of the standard trio for examining controls in this context. Interview and Test are valid activities, but they don’t form the established three-form package used for examination here. And terms like Inspection or Audit describe broader activities rather than the specific three-method examination approach.
