nerdexam
(ISC)2

CISSP · Question #1113

CISSP Question #1113: Real Exam Question with Answer & Explanation

The correct answer is C: Common criteria (CC).

Submitted by tom_us · Mar 5, 2026 · Security Assessment and Testing

Question

Which security evaluation model assesses a product's Security Assurance Level (SAL) in comparison to similar solutions?

Options

  • A. Payment Card Industry Data Security Standard (PCI-DSS)
  • B. International Organization for Standardization (ISO) 27001
  • C. Common criteria (CC)
  • D. Control Objectives for Information and Related Technology (COBIT)

Explanation

Common criteria (CC) is an international standard (ISO/IEC 15408) for evaluating the security properties and capabilities of information technology (IT) products and systems. CC defines a common framework and methodology for expressing security requirements, conducting security evaluations, and certifying security assurance levels. CC allows vendors, customers, and evaluators to compare and contrast the security features and functions of different IT products and systems based on their security assurance levels (SALs). SALs range from EAL1 (functionally tested) to EAL7 (formally verified design and tested).

Topics

#Common Criteria #security evaluation #product certification #assurance levels
