Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 61

Which of the following IT-related activities is most commonly performed by the second line of defense?

Answer options

• A. Block unauthorized traffic.
• B. Encrypt data.
• C. Review disaster recovery test results.
• D. Provide independent assessment of IT security.

Correct answer: D

Explanation

The second line of defense is responsible for providing an independent assessment of IT security, which includes evaluating and ensuring the effectiveness of security controls. Options A, B, and C are typically tasks associated with other lines of defense, such as operational security measures and recovery processes, rather than independent assessment.