Certified Information Systems Security Professional (CISSP) — Question 234
In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?
Answer options
- A. The accuracy of testing results can be greatly improved if the target(s) are properly hardened.
- B. The results of the tests represent a point-in-time assessment of the target(s).
- C. The deficiencies identified can be corrected immediately.
- D. The target's security posture cannot be further compromised.
Correct answer: B
Explanation
The correct answer, B, emphasizes that the results describe the target(s) only at a specific moment and can change over time. Option A suggests that hardening improves accuracy, but it does not address the temporal nature of the assessment. Option C implies that fixes can be made immediately, which may not be realistic, while option D incorrectly suggests that the security posture is static.