CISSP · Question #747
A vulnerability test on an Information System (IS) is conducted to
The correct answer is C. evaluate the effectiveness of security controls.. A vulnerability test on an Information System is conducted to evaluate how well the existing security controls protect against known weaknesses and threats. It identifies gaps in defenses rather than exploiting them for malicious purposes.
Question
A vulnerability test on an Information System (IS) is conducted to
Options
- Aexploit security weaknesses in the IS.
- Bmeasure system performance on systems with weak security controls.
- Cevaluate the effectiveness of security controls.
- Dprepare for Disaster Recovery (DR) planning.
How the community answered
(35 responses)- B6% (2)
- C91% (32)
- D3% (1)
Why each option
A vulnerability test on an Information System is conducted to evaluate how well the existing security controls protect against known weaknesses and threats. It identifies gaps in defenses rather than exploiting them for malicious purposes.
Exploiting security weaknesses is the objective of penetration testing, not a vulnerability test, which only identifies and assesses weaknesses without actively exploiting them.
Vulnerability testing focuses on security control gaps and risk exposure, not on benchmarking or measuring system performance metrics under weak security conditions.
A vulnerability test is a structured assessment designed to evaluate the effectiveness of security controls by identifying weaknesses, misconfigurations, or gaps in defenses within an Information System. The goal is to determine whether controls such as patching, access controls, and configurations are functioning as intended, providing actionable findings to improve the security posture without necessarily exploiting those vulnerabilities.
Disaster Recovery planning involves business continuity strategies and recovery time objectives, which are separate from vulnerability assessments that focus on security control evaluation.
Concept tested: Purpose and scope of vulnerability testing
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.