CISSP Question #803: Real Exam Question with Answer & Explanation

The correct answer is A: A document that expresses an implementation independent set of security requirements for an IT. A Protection Profile (PP) is a document that expresses an implementation independent set of security requirements for an IT product that meets specific consumer needs. A PP is based on the Common Criteria (CC) framework, which is an international standard for evaluating the secur

Submitted by fatima_kr· Mar 5, 2026Security Architecture and Engineering

Question

Which of the following BEST describes a Protection Profile (PP)?

Options

AA document that expresses an implementation independent set of security requirements for an IT
BA document that is used to develop an IT security product from its security requirements
CA document that expresses an implementation dependent set of security requirements which
DA document that represents evaluated products where there is a one-to-one correspondence

Explanation

A Protection Profile (PP) is a document that expresses an implementation independent set of security requirements for an IT product that meets specific consumer needs. A PP is based on the Common Criteria (CC) framework, which is an international standard for evaluating the security of IT products and systems. A PP defines the security objectives, threats, assumptions, and functional and assurance requirements for a product or a category of products.

Topics

#Protection Profile#Common Criteria#security requirements

Community Discussion

No community discussion yet for this question.

Full CISSP Practice Browse All CISSP Questions