ISC2 Exam CSSLP Topic 6 Question 49 Discussion

Actual exam question for ISC2's CSSLP exam

Question #: 49
Topic #: 6

Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. For what purposes is ST&E used?

Each correct answer represents a complete solution. Choose all that apply.

ATo implement the design of system architecture

BTo determine the adequacy of security mechanisms, assurances, and other properties to
enforce the security policy

CTo assess the degree of consistency between the system documentation and its
implementation

DTo uncover design, implementation, and operational flaws that may allow the violation of
security policy

Show Suggested Answer

Suggested Answer: B, C, D

Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. According to NIST SP

800-42 (Guideline on Network Security Testing), ST&E is used for the following purposes:

To assess the degree of consistency between the system documentation and its implementation

To determine the adequacy of security mechanisms, assurances, and other properties to enforce the security policy

To uncover design, implementation, and operational flaws that may allow the violation of security policy

Answer A is incorrect. ST&E is not used for the implementation of the system architecture.

by Audry at May 05, 2022, 11:27 PM

Limited Time Offer

25%

Off

Get Premium CSSLP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!