Which of the following is NOT one of the three assessment methods described in NIST SP 800-115?

Prepare for the FISMA Interview Test. Get familiar with key topics and enhance your knowledge with flashcards and multiple-choice questions. Study effectively and be ready for your exam!

Multiple Choice

Which of the following is NOT one of the three assessment methods described in NIST SP 800-115?

Explanation:
In NIST SP 800-115, the three assessment methods described are interviews, examinations, and testing. Scanning is not one of these; it’s a technique often used within testing to identify vulnerabilities or weaknesses, but it isn’t listed as a separate assessment method. Interviews gather information from people about how controls are implemented, examinations verify evidence by reviewing documents and configurations, and testing assesses the security controls through observed procedures and results. So scanning isn’t one of the three formal methods described.

