Certified Administrative Professional (CAP) Practice Exam 2026 – Your All-in-One Guide to Exam Mastery!

Question: 1 / 400

What document outlines technical guidance for security assessment testing and includes penetration testing products?

A. NIST SP 800-37

B. NIST SP 800-115

C. NIST SP 800-53

D. NIST SP 800-39

The chosen answer is appropriate because NIST SP 800-115 specifically provides guidelines on conducting security assessment testing, which includes penetration testing. This document outlines the methodologies for performing assessments to identify vulnerabilities in information systems, applications, and networks. It takes a practical approach, offering techniques and recommendations for testing how effectively security measures withstand potential threats.

NIST SP 800-37 focuses on the Risk Management Framework for information systems, emphasizing risk assessment and management strategies rather than the specific methodologies for security testing. NIST SP 800-53 provides a catalog of security and privacy controls for federal information systems and organizations but does not concentrate on the technical implementation of security assessments. NIST SP 800-39 takes an organizational risk management perspective, discussing risk management in a broader scope rather than detailing the specific technical assessment activities. Thus, B is the most relevant document for guidance on security assessment testing and penetration testing products.
