CompTIA CASP+ (CAS-004) — Question 125

An organization wants to perform a scan of all its systems against best practice security configurations.
Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for full automation? (Choose two.)

Answer options

Correct answer: B, F

Explanation

The correct answers are B (XCCDF) and F (OVAL). XCCDF provides a standardized format for specifying security checklists, while OVAL provides a language for encoding system vulnerabilities and configuration checks. The other options (ARF, CPE, CVE, and CVSS) serve different purposes within the SCAP framework and do not directly create automated checklists.