Which of the following is NOT an Assessment Testing activity?

Enhance your preparation for the Federal IT Security Professional Test. Use quizzes, flashcards, and detailed explanations to ensure success. Stay ahead in the field of IT Security!

Multiple Choice

Which of the following is NOT an Assessment Testing activity?

Explanation:
Assessment testing involves actively evaluating security controls by probing the environment and gathering evidence of how well those controls work. Vulnerability scanning fits here because it uses automated tools to detect known weaknesses a system might have. Log review is also an assessment activity since examining security logs reveals events, anomalies, and potential incidents that indicate how well monitoring and response are functioning. Penetration testing goes even further by simulating real-world attacks to verify defenses and uncover exploitable weaknesses.

Configuration management, in contrast, is about keeping systems in a consistent, secure state over time. It includes maintaining baselines, enforcing change control, and tracking configurations to prevent drift. While it supports security by ensuring predictable, hardened settings, it is not a testing activity itself. It’s a governance/engineering process rather than an assessment of how well security controls perform.
