Which of the following is NOT an assessment method used in NIST SP 800-115?

Prepare for the FISMA Interview Test. Get familiar with key topics and enhance your knowledge with flashcards and multiple-choice questions. Study effectively and be ready for your exam!

Multiple Choice

Which of the following is NOT an assessment method used in NIST SP 800-115?

Explanation:
NIST SP 800-115 defines four formal assessment methods used in security testing and assessment: interviews, examinations, tests, and sampling. A survey isn’t listed among these methods, because it’s a broad data-collection approach that gathers information from many respondents rather than the targeted evidence collection emphasized in the guide. In practice, interviews gather information from personnel, examinations review artifacts like documents and configurations, and tests involve actually executing controls to verify their effectiveness; sampling helps select representative items for review. Because a survey isn’t part of the official method set, it’s the one that doesn’t fit with how SP 800-115 structures assessment activities.

