Certificate of Cloud Auditing Knowledge (CCAK) — Question 214

Which of the following activities is performed outside information security monitoring?

Answer options

• A. Management review of the information security framework
• B. Collection and review of security events before escalation
• C. Periodic review of risks, vulnerabilities, likelihoods, and threats
• D. Monitoring the effectiveness of implemented controls

Correct answer: A

Explanation

The correct answer is A because management review of the information security framework is a strategic activity that typically occurs outside the day-to-day monitoring processes. Options B, C, and D are all activities directly related to information security monitoring, as they involve the analysis and oversight of security events and controls.