CompTIA Security+ (SY0-701) — Question 218

A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following will be the best method to achieve this objective?

Answer options

• A. Third-party attestation
• B. Penetration testing
• C. Internal auditing
• D. Vulnerability scans

Correct answer: C

Explanation

The correct answer is C, Internal auditing, as it involves a comprehensive review of an organization's systems and processes to ensure compliance with policies and regulations. Options A, B, and D focus on different aspects of security but do not provide the same level of detailed oversight and continuous monitoring for compliance objectives.