CompTIA Security+ (SY0-701) — Question 397

An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?

Answer options

• A. Red teaming
• B. Penetration testing
• C. Independent audit
• D. Vulnerability assessment

Correct answer: C

Explanation

The correct answer is C, as an Independent audit provides a thorough evaluation of the organization's controls, ensuring they are designed properly and working effectively. In contrast, Red teaming and Penetration testing focus on identifying vulnerabilities rather than assessing control design, while a Vulnerability assessment primarily identifies security weaknesses without evaluating control effectiveness.