CompTIA Security+ (SY0-701) — Question 478

Which of the following should a company use to provide proof of external network security testing?

Answer options

• A. Business impact analysis
• B. Supply chain analysis
• C. Vulnerability assessment
• D. Third-party attestation

Correct answer: D

Explanation

The correct answer is D, as third-party attestation provides an independent verification of security controls and practices. Options A and B do not specifically address external testing, while C focuses on identifying vulnerabilities rather than providing proof of testing.