CompTIA Security+ 5.5 Program Management/Oversight – Audits and Assessments

Audits and Assessments

1 / 20

During a security audit of a financial institution, the auditor discovers that the organization is not conducting regular security awareness training for its employees. Which of the following represents the MOST significant risk associated with this finding?

2 / 20

A security assessor is evaluating the effectiveness of an organization’s patch management process. Which of the following metrics would provide the MOST valuable insight into the overall security posture related to patch management?

3 / 20

A security assessor is evaluating the effectiveness of an organization’s vulnerability management program. Which of the following metrics would provide the MOST valuable insight into the program’s impact on reducing the organization’s overall risk posture?

4 / 20

A security assessor is evaluating the effectiveness of an organization’s network segmentation. Which of the following testing methods would provide the MOST comprehensive assessment of the segmentation implementation?

5 / 20

During a security audit of an organization’s identity and access management (IAM) practices, the auditor discovers that the company does not have a formal process for conducting regular access reviews. Which of the following represents the MOST significant risk associated with this finding?

6 / 20

An organization is preparing for a SOC 2 Type II audit. Which of the following is the MOST critical factor in ensuring a successful audit outcome?

7 / 20

During a security audit of a financial services company, the auditor discovers that the organization does not have a formal process for managing and monitoring third-party access to its systems and data. Which of the following represents the MOST significant risk associated with this finding?

8 / 20

A security assessor is evaluating the effectiveness of an organization’s data loss prevention (DLP) system. Which of the following testing methodologies would provide the MOST comprehensive assessment of the DLP’s capabilities?

9 / 20

A security assessor is evaluating the effectiveness of an organization’s security awareness training program. Which of the following testing methodologies would provide the MOST comprehensive assessment of the program’s impact on employee behavior?

10 / 20

A security assessor is evaluating the effectiveness of a company’s incident response plan. Which of the following methods would provide the MOST realistic assessment of the organization’s ability to respond to a security incident?

11 / 20

A security assessor is evaluating the effectiveness of an organization’s web application firewall (WAF). Which of the following testing methodologies would provide the MOST comprehensive assessment of the WAF’s capabilities?

12 / 20

During a security assessment of an organization’s cloud-based infrastructure, an auditor discovers that the company is not using a cloud access security broker (CASB) solution. Which of the following represents the MOST significant risk associated with this finding?

13 / 20

A security assessor is evaluating the effectiveness of an organization’s security information and event management (SIEM) system. Which of the following testing methods would provide the MOST comprehensive assessment of the SIEM’s capabilities?

14 / 20

During a network security assessment, an auditor discovers that a company’s web application firewall (WAF) is not blocking common SQL injection patterns. Which of the following testing methodologies would be MOST effective in identifying the full extent of this vulnerability?

15 / 20

During a security assessment of a cloud-based infrastructure, an auditor discovers that the organization is not using multi-factor authentication (MFA) for administrative access to cloud resources. Which of the following represents the MOST significant risk associated with this finding?

16 / 20

A security assessor is evaluating the effectiveness of an organization’s network segmentation strategy. Which of the following testing methodologies would provide the MOST comprehensive assessment of the segmentation implementation?

17 / 20

A security assessor is evaluating the effectiveness of an organization’s security awareness training program. Which of the following metrics would provide the MOST valuable insight into the program’s impact on the organization’s security posture?

18 / 20

A security assessor is evaluating the effectiveness of an organization’s vulnerability management program. Which of the following metrics would provide the MOST valuable insight into the program’s overall effectiveness?

19 / 20

An organization is preparing for a compliance audit against the Payment Card Industry Data Security Standard (PCI DSS). Which of the following is the MOST critical step in ensuring a successful audit outcome?

20 / 20

During a security audit of a cloud-based infrastructure, an assessor discovers that the organization is not using a formal process for managing and monitoring cloud resource configurations. Which of the following represents the MOST significant risk associated with this finding?
