A security consultant is selecting a framework to ensure each penetration test is performed using repeatable, peer-reviewed procedures that cover human, physical, wireless, telecommunications, and data-network channels and generate a Security Test Audit Report (STAR). Which description correctly summarizes the primary purpose of the Open Source Security Testing Methodology Manual (OSSTMM)?
It catalogs publicly disclosed vulnerabilities and exploits and maps them to affected products.
It provides a structured, peer-reviewed methodology for planning, executing, and reporting comprehensive security tests, ensuring consistent and repeatable results.
It defines an encryption protocol that secures HTTP traffic with end-to-end confidentiality.
It bundles open-source scripts that automatically harvest and correlate security logs for continuous network monitoring.
OSSTMM, maintained by ISECOM, is a peer-reviewed manual that supplies a scientific, repeatable methodology for planning, executing, and reporting security tests. It details how to scope engagements, evaluate controls across multiple channels, and produce the STAR report. It is not a toolset, vulnerability database, or encryption protocol, so those alternatives are incorrect.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the primary goal of the OSS TMM framework?
Open an interactive chat with Bash
How does OSS TMM differ from vulnerability databases like CVE?
Open an interactive chat with Bash
Who typically uses OSS TMM, and in what scenarios is it applied?