CAP · Question #156
Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. For what purposes is ST&E used? Each correct answer represents a complete sol
The correct answer is B. To determine the adequacy of security mechanisms, assurances, and other properties to C. To assess the degree of consistency between the system documentation and its implement D. To uncover design, implementation, and operational flaws that may allow the violation of. ST&E is used to evaluate security adequacy, verify documentation-to-implementation consistency, and uncover flaws - not to perform system architecture implementation.
Question
Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. For what purposes is ST&E used? Each correct answer represents a complete solution. Choose all that apply.
Options
- ATo implement the design of system architecture
- BTo determine the adequacy of security mechanisms, assurances, and other properties to
- CTo assess the degree of consistency between the system documentation and its implement
- DTo uncover design, implementation, and operational flaws that may allow the violation of
How the community answered
(42 responses)- A10% (4)
- B90% (38)
Why each option
ST&E is used to evaluate security adequacy, verify documentation-to-implementation consistency, and uncover flaws - not to perform system architecture implementation.
ST&E is an evaluation and testing discipline, not an implementation activity; implementing system architecture is performed during design and build phases, entirely separate from ST&E.
ST&E assesses whether security mechanisms, assurances, and properties are adequate to protect the system against identified threats, which is a primary evaluation objective of the process.
ST&E verifies that the implemented system is consistent with its documented security design and specifications, identifying gaps between stated controls and actual deployment.
ST&E uncovers design, implementation, and operational flaws that could allow unauthorized access or policy violations, enabling organizations to remediate vulnerabilities before exploitation.
Concept tested: Security Test and Evaluation purposes and objectives
Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
Community Discussion
No community discussion yet for this question.