PrepAway - Latest Free Exam Questions & Answers

Common Criteria 15408 generally outlines assurance and …

Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation
process concept of ______________, ____________, __________ for Evaluated Assurance Levels (EALs) to
certify a product or system.

A. EAL, Security Target, Target of Evaluation

B. SFR, Protection Profile, Security Target

C. Protection Profile, Target of Evaluation, Security Target

D. SFR, Security Target, Target of Evaluation

Explanation:
Under the Common Criteria model, an evaluation is carried out on a product and it is assigned an Evaluation
Assurance Level (EAL). The testing becomes more thorough and stringent, with more detail-oriented tasks, as the
assurance levels increase. The Common Criteria has seven assurance levels. The range is from EAL1, where
functionality testing takes place, to EAL7, where thorough testing is performed and the system design is
verified.
The different components are shown in the exhibit below:

Incorrect Answers:
A: Evaluated Assurance Levels (EALs) determine the levels of evaluation required. EAL is not a Common
Criteria security evaluation process concept.
B: Security functional requirements (SFRs) are individual security functions which must be provided by a
product. An SFR is not a Common Criteria security evaluation process concept.
D: Security functional requirements (SFRs) are individual security functions which must be provided by a
product. An SFR is not a Common Criteria security evaluation process concept.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 403-405

