Weekly CISSP Exam Questions
Question: Which of the following is a primary objective of security assessment and testing?
A. Ensuring compliance with legal regulations
B. Identifying vulnerabilities and weaknesses
C. Establishing incident response procedures
D. Developing security policies and procedures
Correct Answer: B
Explanation:
A. Ensuring compliance with legal regulations: While compliance is important and often a byproduct of effective security measures, it's not the primary objective of security assessment and testing. Some assessments are geared towards compliance, but their primary function still revolves around identifying weaknesses and vulnerabilities that could affect compliance.
B. Identifying vulnerabilities and weaknesses: This is the core reason for security assessment and testing. The objective is to find any weaknesses before an attacker does, so they can be fixed to improve the overall security posture of an organization.
C. Establishing incident response procedures: Incident response is crucial for handling and recovering from security incidents, but it is not the primary objective of security assessment and testing. However, findings from such assessments can certainly inform and improve incident response procedures.
D. Developing security policies and procedures: While the insights gained from security assessment and testing could be used to develop or refine security policies and procedures, the primary objective remains the identification of vulnerabilities and weaknesses.