Which of the following is NOT an information input activity for risk assessment?


Multiple Choice

Which of the following is NOT an information input activity for risk assessment?

Explanation:
In risk assessment, information inputs are ways to gather data about the system, its environment, and potential risks. Document reviews provide existing policies, configurations, and prior assessments; questionnaires and surveys capture stakeholder perspectives and perceptions; on-site interviews gather detailed, contextual information directly from people involved. Penetration testing, on the other hand, is an active security test that simulates real attacker activity to expose exploitable weaknesses. While its findings can inform risk, the act of penetration testing itself is a testing activity, not an information input used to feed the risk model. Therefore, penetration testing is not an information input activity for risk assessment.

