CompTIA SecurityX (CAS-005) — Question 171

A company has a requirement in customer contracts that states applications must undergo external audits to identify vulnerabilities. Which of the following is the best action for the company to complete before hiring an external auditor?

Answer options

• A. Gather evidence for the audit.
• B. Conduct an internal audit assessment.
• C. Identify lessons learned from the audit.
• D. Select samples for audit testing.

Correct answer: B

Explanation

The correct answer is B, as conducting an internal audit assessment allows the company to identify current vulnerabilities and areas for improvement before an external audit. Options A, C, and D are steps that could be part of the audit process but do not prepare the company as effectively as performing an internal audit first.