Certified Information Security Manager (CISM) — Question 149

Which of the following activities provides the GREATEST insight into the level of threat exposure within an IT environment?

Answer options

• A. Executing an organization-wide security audit
• B. Performing penetration testing
• C. Performing technical vulnerability assessments
• D. Conducting a red team exercise

Correct answer: D

Explanation

Conducting a red team exercise simulates real-world attacks, providing the most realistic assessment of an organization's vulnerabilities and threat exposure. While security audits, penetration testing, and vulnerability assessments are important, they do not replicate the dynamic nature of actual threats as effectively as a red team exercise does.