312-50V9 · Question #150
Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?
The correct answer is A. They provide a repeatable framework.. The primary advantage of formal security testing methodologies is that they provide a structured, repeatable framework ensuring consistent and comparable results across audits.
Question
Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?
Options
- AThey provide a repeatable framework.
- BAnyone can run the command line scripts.
- CThey are available at low cost.
- DThey are subject to government regulation.
How the community answered
(30 responses)- A93% (28)
- B3% (1)
- D3% (1)
Why each option
The primary advantage of formal security testing methodologies is that they provide a structured, repeatable framework ensuring consistent and comparable results across audits.
Security testing methodologies such as OWASP, PTES, or NIST SP 800-115 define documented, step-by-step processes that can be applied consistently across different engagements. This repeatability ensures that the same scope and controls are evaluated each time, makes results defensible to stakeholders, and allows organizations to measure security posture changes over time.
Security testing tools and scripts often require significant technical expertise to configure and interpret correctly, meaning not just anyone can run them effectively.
Many professional security testing methodologies and the tools or training associated with them carry substantial licensing and expertise costs, so low cost is not a reliable advantage.
Security testing methodologies are generally industry-developed best practices, not instruments of government regulation, and compliance requirements are separate from the methodologies themselves.
Concept tested: Advantages of formal security testing methodologies
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.