Juan is trying to perform a risk analysis of his network. He has chosen to use OCTAVE. What is OCTAVE primarily used for?
A.
A language for vulnerability assessment
B.
A comprehensive risk assessment model
C.
A threat assessment tool
D.
An impact analysis tool
Explanation:
OCTAVE, or Operationally Critical, Threat, Asset and Vulnerability Evaluation is a comprehensive risk assessment model. Answer option A is incorrect. OVAL, or Open Vulnerability Assessment Language is the language for vulnerability assessment. Answer options C and D are incorrect. Threat assessment and impact analysis are both part of OVAL, but only a part