CASP+ Exam: Best Tools for Holistic Configuration Compliance Test

Question

A security controls assessor intends to perform a holistic configuration compliance test of networked assets.

The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: '<object object_ref= />' and '<state state_ref= />'.

Which of the following tools BEST supports the use of these definitions?

Answers

Explanations

A. B. C. D.

D.

The XML format package handed to the security controls assessor likely contains definitions of security configuration baselines. A baseline is a standardized level of security controls that an organization uses to protect its assets.

The two common tags within the XML files are '<object object_ref= />' and '<state state_ref= />', which refer to the configuration settings for the networked assets being tested.

To perform a holistic configuration compliance test of networked assets, the assessor needs a tool that can interpret and evaluate the XML files' contents against the defined baselines.

The best tool for this purpose is a SCAP (Security Content Automation Protocol) scanner. SCAP is a protocol that defines how to standardize security assessment, measurement, and management. SCAP scanners can assess and evaluate the security configuration of networked assets, including servers, operating systems, and network devices.

SCAP scanners can consume the XML files' content, evaluate the defined baselines, and provide the assessor with a holistic compliance test report of the networked assets. The report would highlight areas where the networked assets are non-compliant with the baseline configuration, making it easier for the assessor to recommend remediation measures.

Therefore, option C, SCAP scanner, is the best tool that supports the use of the XML format package handed to the security controls assessor.
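
The two tags in the question are how OVAL, the check language used in SCAP content, links a test to the thing it inspects (object_ref) and to the value it expects (state_ref). The sketch below is an added example, not part of the original page or of any scanner's code; it resolves those references over a constructed, simplified document in which the "item" attribute, the IDs and the collected values are all assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified OVAL-style content; "item" is a hypothetical attribute.
DEFINITIONS = """
<oval_definitions>
  <tests>
    <test id="tst:1">
      <object object_ref="obj:1"/>
      <state state_ref="ste:1"/>
    </test>
    <test id="tst:2">
      <object object_ref="obj:2"/>
      <state state_ref="ste:2"/>
    </test>
  </tests>
  <objects>
    <object id="obj:1" item="sshd.PermitRootLogin"/>
    <object id="obj:2" item="login.PASS_MIN_LEN"/>
  </objects>
  <states>
    <state id="ste:1" operation="equals" value="no"/>
    <state id="ste:2" operation="greater than or equal" value="14"/>
  </states>
</oval_definitions>
"""
# Constructed stand-in for values a scanner collected from one asset.
COLLECTED = {"sshd.PermitRootLogin": "yes", "login.PASS_MIN_LEN": "14"}
# Comparisons a state may request (two of OVAL's operation names).
OPS = {
    "equals": lambda actual, expected: actual == expected,
    "greater than or equal": lambda actual, expected: int(actual) >= int(expected),
}

def evaluate(xml_text, collected):
    """Resolve each test's object_ref and state_ref, then compare values."""
    root = ET.fromstring(xml_text)
    objects = {o.get("id"): o for o in root.find("objects")}
    states = {s.get("id"): s for s in root.find("states")}
    results = {}
    for test in root.find("tests"):
        obj = objects[test.find("object").get("object_ref")]
        state = states[test.find("state").get("state_ref")]
        actual = collected.get(obj.get("item"))
        if actual is None:
            results[test.get("id")] = "unknown"  # nothing collected for it
        else:
            ok = OPS[state.get("operation")](actual, state.get("value"))
            results[test.get("id")] = "pass" if ok else "fail"
    return results
```

Real OVAL files use XML namespaces and platform-specific test, object and state element types, so production content should be evaluated with an actual SCAP scanner rather than a parser like this one.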