what purposes is ST&E used?

seenagapeFebruary 20, 2013

Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering
system vulnerabilities. For what purposes is ST&E used? Each correct answer represents a
complete solution. Choose all that apply.

PrepAway - Latest Free Exam Questions & Answers

A.
To implement the design of system architecture

B.
To determine the adequacy of security mechanisms, assurances, and other properties to
enforce the security policy

C.
To assess the degree of consistency between the system documentation and its
implementation

D.
To uncover design, implementation, and operational flaws that may allow the violation of
security policy

Explanation:
Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful
in discovering system vulnerabilities. According to NIST SP 800-42 (Guideline on Network
Security Testing), ST&E is used for the following purposes: To assess the degree of consistency
between the system documentation and its implementation To determine the adequacy of security
mechanisms, assurances, and other properties to enforce the security policy To uncover design,
incorrect. ST&E is not used for the implementation of the system architecture.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISC Exam Questions

Free ISC2 Study Guide

what purposes is ST&E used?

Leave a Reply Cancel reply