ISC2 Exam ISSMP Topic 1 Question 46 Discussion

Actual exam question for ISC2's Information Systems Security Management Professional exam

Question #: 46
Topic #: 1

[All Information Systems Security Management Professional Questions]

Which of the following test methods has the objective to test the IT system from the viewpoint of a threat-source and to identify potential failures in the IT system protection schemes?

APenetration testing

BOn-site interviews

CSecurity Test and Evaluation (ST&E)

DAutomated vulnerability scanning tool

Show Suggested Answer

Suggested Answer: A

The goal of penetration testing is to examine the IT system from the perspective of a threat-source, and to identify potential failures in the IT system protection schemes. Penetration testing, when performed in the risk assessment process, is used to assess an IT system's capability to survive with the intended attempts to thwart system security.

Answer option C is incorrect. The objective of ST&E is to ensure that the applied controls meet the approved security specification for the software and hardware and implement the organization's security policy or meet industry standards.

by Ammie at May 04, 2022, 02:29 AM

Limited Time Offer

25%

Off

Get Premium ISSMP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!