CompTIA Security+ (SY0-701) — Question 468
The Chief Information Officer (CIO) asked a vendor to provide documentation detailing the specific objectives within the compliance framework that the vendor's services meet. The vendor provided a report and a signed letter stating that the services meet 17 of the 21 objectives. Which of the following did the vendor provide to the CIO?
Answer options
- A. Penetration test results
- B. Self-assessment findings
- C. Attestation of compliance
- D. Third-party audit report
Correct answer: C
Explanation
The vendor provided an attestation of compliance, which is a formal declaration confirming that its services meet specific compliance objectives. Penetration test results and self-assessment findings do not serve as formal attestations of compliance, and a third-party audit report would involve an external evaluation rather than a direct statement from the vendor.