Which of the following best aligns with the principles of the Open Source Security Testing Methodology Manual when planning and conducting security testing as part of an incident response?
You selected this option
Designing tests in a way that minimizes disruption to business operations while achieving thorough coverage
You selected this option
Performing security testing on live systems without any prior planning to ensure immediate results
You selected this option
Focusing only on high-profile assets, skipping documentation to save time during a critical incident
You selected this option
Replicating the attack vectors based solely on intuition to expedite the containment phase
The Open Source Security Testing Methodology Manual emphasizes the importance of educational property and integrity in the process of security testing. It is not just about finding vulnerabilities but also about ensuring that the learning from the process improves the overall security posture of the organization. By following a disciplined methodology, the incident response team verifies the comprehensiveness of testing while maintaining the integrity and confidentiality of the system being tested. Answer 'C' is correct because, according to OSS TMM, one should conduct tests without disrupting the organization's operational activities whenever possible. This approach prioritizes maintaining business continuity and minimizing impact during incident response activities, aligning with the concepts of OSS TMM.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Open Source Security Testing Methodology Manual (OSSTMM)?
Open an interactive chat with Bash
What are the principles of incident response in relation to security testing?
Open an interactive chat with Bash
Why is it important to minimize disruption to business operations during security testing?