Welcome to Pass4Success


ISC2 ISSMP Exam - Topic 1 Question 46 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 46
Topic #: 1

Which of the following test methods has the objective to test the IT system from the viewpoint of a threat-source and to identify potential failures in the IT system protection schemes?

Suggested Answer: A

The goal of penetration testing is to examine the IT system from the perspective of a threat-source and to identify potential failures in the IT system protection schemes. Penetration testing, when performed in the risk assessment process, is used to assess an IT system's ability to withstand intentional attempts to circumvent system security.

Answer option C is incorrect. The objective of ST&E is to ensure that the applied controls meet the approved security specification for the software and hardware and implement the organization's security policy or meet industry standards.


Viola
4 months ago
On-site interviews? Not sure how that fits in here.
upvoted 0 times
...
Veronika
4 months ago
I agree with A, but automated tools can help too!
upvoted 0 times
...
Annelle
4 months ago
Wait, is it really just A? Seems too simple.
upvoted 0 times
...
Jacqueline
4 months ago
I think C is more comprehensive, though.
upvoted 0 times
...
Dong
5 months ago
Definitely A, penetration testing is all about that threat perspective.
upvoted 0 times
...
Craig
5 months ago
On-site interviews seem more about gathering information than testing the system itself, so I doubt that's the answer.
upvoted 0 times
...
Kathrine
5 months ago
I practiced a similar question, and I feel like automated vulnerability scanning tools just identify issues but don’t really test from a threat-source perspective.
upvoted 0 times
...
Jina
5 months ago
I'm not entirely sure, but I remember something about Security Test and Evaluation being more about compliance than actual threat assessment.
upvoted 0 times
...
Cory
5 months ago
I think penetration testing is the right answer since it focuses on simulating attacks to find vulnerabilities.
upvoted 0 times
...
Marvel
5 months ago
I'm pretty confident about this one. The metadata contains the ABI array, which defines the interface to interact with the smart contract. It can also include the contract address when deployed.
upvoted 0 times
...
Gwenn
5 months ago
I'm leaning towards itsi_notable_audit. That index is designed to capture important audit events, which could include troubleshooting info.
upvoted 0 times
...
Louisa
5 months ago
I think the differences are most noticeable with fast-moving subjects, like vehicles, but I'm not entirely sure if it's only during playback or also live.
upvoted 0 times
...
Camellia
5 months ago
I'm not really sure about B though. Telling the customer to get more users seems a bit pushy.
upvoted 0 times
...
Ronny
5 months ago
I recall a practice question about shared resources in public clouds, and it seemed clear that an attack could impact multiple users. So, maybe it's True?
upvoted 0 times
...
