Welcome to Pass4Success


ISC2 CSSLP Exam - Topic 6 Question 49 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 49
Topic #: 6

Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. For what purposes is ST&E used?

Each correct answer represents a complete solution. Choose all that apply.

Suggested Answer: B, C, D

Security Test and Evaluation (ST&E) is a component of risk assessment and is useful in discovering system vulnerabilities. According to NIST SP 800-42 (Guideline on Network Security Testing), ST&E is used for the following purposes:

- To assess the degree of consistency between the system documentation and its implementation
- To determine the adequacy of security mechanisms, assurances, and other properties to enforce the security policy
- To uncover design, implementation, and operational flaws that may allow the violation of security policy

Answer A is incorrect. ST&E is not used for the implementation of the system architecture.


Contribute your Thoughts:

Thaddeus, 4 months ago:
Not sure if it really uncovers all flaws, though.
upvoted 0 times

Kaitlyn, 4 months ago:
Surprised that so many people overlook this part!
upvoted 0 times

Bo, 4 months ago:
I think it also checks if the docs match the system, right?
upvoted 0 times

Tamra, 4 months ago:
Totally agree, it's crucial for security!
upvoted 0 times

Lucina, 5 months ago:
ST&E helps find system vulnerabilities.
upvoted 0 times

Jamey, 5 months ago:
C sounds familiar too, but I'm not entirely sure if it's a primary purpose of ST&E. I guess it could relate to documentation consistency.
upvoted 0 times

Hollis, 5 months ago:
D seems right to me because uncovering flaws is a key part of what ST&E does. I feel like I saw a similar question in our practice tests.
upvoted 0 times

Gaston, 5 months ago:
I'm a bit unsure about A. I remember something about system architecture, but I can't recall if ST&E directly implements it.
upvoted 0 times

Shawn, 5 months ago:
I think ST&E is mainly about assessing security mechanisms, so maybe B is definitely one of the answers.
upvoted 0 times

Shaun, 5 months ago:
I'm pretty confident the answer is C. The question is asking what's not required, and configuring the RSVP-TE LSPs between the PE-ABR and ABR-ABR pairs seems like a necessary step for enabling LDP-over-RSVP, not something that's not required.
upvoted 0 times

Allene, 5 months ago:
The Architecture Roadmap seems like the most logical place to capture the actions from the Readiness Assessment. That's where you map out the transformation plan, right?
upvoted 0 times

Lilli, 5 months ago:
I think it's A - the payback method is really straightforward compared to other capital budgeting techniques.
upvoted 0 times
