EC-Council

312-50V9 · Question #419

312-50V9 Question #419: Real Exam Question with Answer & Explanation

The correct answer is D: Legislative, contractual, standards based. OSSTMM recognizes three types of compliance - legislative, contractual, and standards based - which together cover the legal, agreed-upon, and industry-framework dimensions of security obligations.

Question

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

Options

  • A. Legal, performance, audit
  • B. Audit, standards based, regulatory
  • C. Contractual, regulatory, industry
  • D. Legislative, contractual, standards based

Explanation

OSSTMM recognizes three types of compliance - legislative, contractual, and standards based - which together cover the legal, agreed-upon, and industry-framework dimensions of security obligations.

Common mistakes.

  • A. "Performance" is not a compliance category recognized by OSSTMM; performance relates to operational metrics rather than a compliance obligation type.
  • B. "Audit" is a process used to verify compliance, not a type of compliance itself within the OSSTMM framework.
  • C. "Industry" is not a distinct OSSTMM compliance category; industry-specific requirements would fall under either legislative or standards-based compliance depending on their source.

Concept tested. OSSTMM three compliance types

Reference. https://www.isecom.org/OSSTMM.3.pdf
