nerdexam
EC-Council

312-50V10 · Question #545

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

The correct answer is D. Legislative, contractual, standards based. The OSSTMM defines three types of compliance that security tests must account for: legislative, contractual, and standards based.

Information Security and Ethical Hacking Fundamentals

Question

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

Options

  • ALegal, performance, audit
  • BAudit, standards based, regulatory
  • CContractual, regulatory, industry
  • DLegislative, contractual, standards based

How the community answered

(37 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    5% (2)
  • D
    89% (33)

Why each option

The OSSTMM defines three types of compliance that security tests must account for: legislative, contractual, and standards based.

ALegal, performance, audit

Performance and audit are not recognized compliance categories in the OSSTMM framework - performance is a quality metric and audit is a process, not a compliance type.

BAudit, standards based, regulatory

While regulatory is a related concept, OSSTMM specifically uses 'legislative' rather than 'regulatory,' and this option omits contractual compliance entirely.

CContractual, regulatory, industry

Contractual and regulatory appear in this option, but OSSTMM does not use 'industry' as a compliance category - it uses 'standards based' as the specific third type.

DLegislative, contractual, standards basedCorrect

According to the OSSTMM, the three recognized compliance categories are legislative (laws and government mandates), contractual (obligations agreed upon between parties), and standards based (adherence to published industry or technical standards). These three categories encompass all external requirements an organization may face during security testing.

Concept tested: OSSTMM three types of compliance categories

Source: https://www.isecom.org/OSSTMM.3.pdf

Topics

#OSSTMM#compliance types#security methodology#legislative compliance

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice