5. Security Assessment and Testing

Question 1

SCAP

Answer 1

Security Automation Protocol

An effort by the security community, led by the National Institute of Standards and Technology (NIST) to create a standardized approach for communicating security-related information.

Question 2

CCE

Answer 2

Common Configuration Enumeration

Provides a standard nomenclature for discussing system configuration issues.

Question 3

CPE

Answer 3

Common Platform Enumeration

Provides a standard nomenclature for describing product names and versions.

Question 4

CVE

Answer 4

Common Vulnerabilities and Exposures

Provides a standard nomenclature for describing security-related software flaws.

Question 5

CVSS

Answer 5

Common Vulnerability Scoring System

Provides a standardized approach for measuring and describing the severity of security-related software flaws.

Question 6

XCCDF

Answer 6

Extensible Configuration Checklist Description Format

A language for specifying checklists and reporting checklist results.

Question 7

OVAL

Answer 7

Open Vulnerability and Assessment Language.

A language for specifying low-level testing procedures used by checklists.

Question 8

Static Testing

Answer 8

Analyzes code without executing it.

Question 9

Dynamic Testing

Answer 9

Executes code as part of the test.

Question 10

Interactive Testing

Answer 10

Combines Static and dynamic testing, analyzing the source code while testers interact with the application through exposed interfaces.