CISSP Security Assessment and Testing
What is the first step in the security assessment process?
Security audit
Which of the following is NOT a type of security testing?
Risk assessment
What is the purpose of security testing?
All of the above
Which of the following is NOT a security testing methodology?
Risk assessment
What is the goal of penetration testing?
To find vulnerabilities
Which of the following is a passive security testing technique?
Code review
What is the main difference between security assessment and security testing?
Purpose
Which of the following is NOT a security control category?
Risk assessment controls
What is the purpose of security auditing?
To assess security controls
Which of the following is a dynamic security testing technique?
Penetration testing
What are the three primary types of security tests used to evaluate the effectiveness of security controls?
The three primary types of security tests are vulnerability assessments, penetration testing, and security audits.
What is the purpose of conducting a security audit?
The purpose of conducting a security audit is to evaluate the security policies, procedures, and controls in place to ensure they are effective and comply with relevant regulations and standards.