312-50V10 · Question #804
When a security analyst prepares for the formal security assessment, what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is
The correct answer is A. Data items and vulnerability scanning. Vulnerability scanning against a secure asset database identifies discrepancies and validates compliance with minimum security baselines during a formal assessment.
Question
When a security analyst prepares for the formal security assessment, what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?
Options
- AData items and vulnerability scanning
- BInterviewing employees and network engineers
- CReviewing the firewalls configuration
- DSource code review
How the community answered
(46 responses)- A93% (43)
- C2% (1)
- D4% (2)
Why each option
Vulnerability scanning against a secure asset database identifies discrepancies and validates compliance with minimum security baselines during a formal assessment.
Data items review combined with vulnerability scanning directly compares the current state of assets against the documented secure asset database, surfacing inconsistencies. Vulnerability scanning also maps discovered issues against the minimum security baseline to confirm or deny compliance. This two-pronged approach is the standard technical method used in formal security assessments for asset validation.
Interviewing employees and engineers is a qualitative information-gathering technique and does not produce the technical data needed to identify database inconsistencies or measure baseline compliance.
Reviewing firewall configurations addresses network access controls only and does not cover the broader set of assets or baseline requirements across the entire system.
Source code review is used to find software vulnerabilities in application logic, not to audit asset databases or verify system-wide security baseline compliance.
Concept tested: Vulnerability scanning and security baseline compliance verification
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.