Free ISC2 CISSP Actual Exam Questions - Question 1 Discussion

Question No. 1
Which of the following BEST describes a Protection Profile (PP)?
Andrew T.
2026-02-22

I think D can be ruled out because PPs are more like templates, and multiple Security Targets can claim compliance with one PP. That means it’s not a strict one-to-one relationship as D suggests.

0
Andrew T.
2026-02-22

Guessing A here too, since PPs are meant to be implementation-independent and cover consumer-driven security needs broadly, not tied to specific products or evaluations like in D.

0
Daniel X.
2026-01-29

A, because it’s about general security needs, not product-specific details.

0
Daniel X.
2026-01-27

I’m with the idea that A nails the core of a Protection Profile — it’s about laying out those security needs without getting into the nitty-gritty of how a product actually implements them. B feels more like the stage after you’ve got the PP, where you’re actually building or assessing a product using those requirements. Also, C’s off because PPs aren’t implementation dependent, and D confuses the relationship between PPs and Security Targets. Would the key difference be that PPs serve as a common standard for multiple products, rather than focusing on just one?

0
Daniel X.
2026-01-19

It’s A for me. A PP sets out security requirements without tying them to any specific product design, so it’s definitely implementation independent. B sounds more like a Security Target or something used during development, but a PP is more like a common baseline that multiple products can aim to meet, not the actual development guide. C and D don’t fit since the PP isn’t about evaluated products or only functional requirements.

0
Daniel X.
2026-01-15

A/B? A sounds right about it being implementation independent, but B also fits if it’s about using those requirements to develop a product. Not sure which is more “best.”

0