EC-Council

312-50V10 · Question #545

312-50V10 Question #545: Real Exam Question with Answer & Explanation

The correct answer is D: Legislative, contractual, standards based. The OSSTMM defines three types of compliance that security tests must account for: legislative, contractual, and standards based.

Question

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

Options

  • A. Legal, performance, audit
  • B. Audit, standards based, regulatory
  • C. Contractual, regulatory, industry
  • D. Legislative, contractual, standards based

Explanation

The OSSTMM defines three types of compliance that security tests must account for: legislative, contractual, and standards based.

Common mistakes.

  • A. Performance and audit are not recognized compliance categories in the OSSTMM framework - performance is a quality metric and audit is a process, not a compliance type.
  • B. While regulatory is a related concept, OSSTMM specifically uses 'legislative' rather than 'regulatory,' and this option omits contractual compliance entirely.
  • C. Contractual and regulatory appear in this option, but OSSTMM does not use 'industry' as a compliance category - it uses 'standards based' as the specific third type.

Concept tested. OSSTMM three types of compliance categories

Reference. https://www.isecom.org/OSSTMM.3.pdf
