nerdexam
EC-Council

312-50V9 · Question #150

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

The correct answer is A. They provide a repeatable framework.. The primary advantage of formal security testing methodologies is that they provide a structured, repeatable framework ensuring consistent and comparable results across audits.

Introduction to Ethical Hacking

Question

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

Options

  • AThey provide a repeatable framework.
  • BAnyone can run the command line scripts.
  • CThey are available at low cost.
  • DThey are subject to government regulation.

How the community answered

(30 responses)
  • A
    93% (28)
  • B
    3% (1)
  • D
    3% (1)

Why each option

The primary advantage of formal security testing methodologies is that they provide a structured, repeatable framework ensuring consistent and comparable results across audits.

AThey provide a repeatable framework.Correct

Security testing methodologies such as OWASP, PTES, or NIST SP 800-115 define documented, step-by-step processes that can be applied consistently across different engagements. This repeatability ensures that the same scope and controls are evaluated each time, makes results defensible to stakeholders, and allows organizations to measure security posture changes over time.

BAnyone can run the command line scripts.

Security testing tools and scripts often require significant technical expertise to configure and interpret correctly, meaning not just anyone can run them effectively.

CThey are available at low cost.

Many professional security testing methodologies and the tools or training associated with them carry substantial licensing and expertise costs, so low cost is not a reliable advantage.

DThey are subject to government regulation.

Security testing methodologies are generally industry-developed best practices, not instruments of government regulation, and compliance requirements are separate from the methodologies themselves.

Concept tested: Advantages of formal security testing methodologies

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#security testing methodology#repeatable framework#security audit#penetration testing

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice